Comments (2)
Thats part of why you do longer names typically but its up to your users to
make sure the whole address is correct. I think its outside the scope of
this project to consider what amounts to lazy users but your concern on a
basic level is valid.
On Jan 10, 2014 7:41 PM, "anoooon" [email protected] wrote:
If you use scallion to generate tor key, this is a major security risk.
Other people can use the tool to generate a same key which you have.UserA: scallion nsa
UserB: scallion nsaThis enables attackers to host un-official website using your .onion
hostname,
and in the worse scenario, like 3-letter agent did, infect a visitor with
a javascript virus.It's a great thing to get a memorable .onion address, but keep in mind,
this is seriously dangerous.—
Reply to this email directly or view it on GitHubhttps://github.com//issues/28
.
from scallion.
Sure, this is known as the "fuzzy fingerprints" attack. Google should turn up plenty of references to those search terms, but the gist of the attack is that most people just check the first and last few characters of the fingerprint (.onion address, in this case) because they can't remember it all.
I think that it's outside the scope of scallion (or even Tor, from a development prospective) to worry about this. Users are responsible for checking the entire fingerprint.
from scallion.
Related Issues (20)
- Does not work with numbers in query, please fix the regex HOT 3
- Windows10 x64 HOT 1
- `libssl1.0-dev` doesn't exist on Ubuntu 19.10 HOT 5
- -
- -
- Generate adresse with 012 89 HOT 2
- Scallion keys not working with recent TOR HOT 1
- Hash rate desreasing from 6000 MH/S to 300MH/S HOT 1
- .onion hash generator machine HOT 6
- System.TypeInitializationException: The type initializer for 'OpenSSL.Core.Native'
- ATAL UNHANDLED EXCEPTION: System.InvalidOperationException: ErrorCode:'-1' at scallion.CLDeviceInfo.CheckError
- Scallion won't run: System.InvalidOperationException
- Not exactly an issue / mining hardware links
- Support for new Tor v3 Onions HOT 1
- key generated HOT 3
- Do you know any GPU miner for V3 onion addresses? HOT 1
- Omnisharp compatibility
- Omnisharp compatibilty
- My speed HOT 3
- dotnet msbuild scallion.sln Segmentation fault (core dumped)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from scallion.