Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Also commented downthread, but we got extremely lucky then went the backronym route as shawabawa3 guessed. (I'm an engineer at FB.)


That is extremely lucky. That's, what, 82 bits if you'd chosen the whole thing?

A more manageable 61 bits for 12 characters or so, from my recollection. Did you pile a dictionary attack on top of that?

I don't believe this does "break hidden services". That's just a truncated key fingerprint, not the key, and a collision would I suspect (but haven't checked) be a loudly visible error.


Roger Dingledine (Tor project, not FB) shared some accurate background here: https://lists.torproject.org/pipermail/tor-talk/2014-October...


>That's just a truncated key fingerprint, not the key, and a collision would I suspect (but haven't checked) be a loudly visible error.

Actually, a name collision would still mean hijacking the traffic, even if they don't have the same private key. The last HS to announce "owns" the name.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: