Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I feel like whatever scheme you use, if it is too simple there won't be enough unique keys to go around, but if it is complex enough it can be subtly changed in ways a human would find hard to notice.


Isn't the whole point of a hash that you can't "subtly" change it?


that's the point of a machine-checked hash, because computers are really good at exact equality operations. humans have a much harder time with it.


Would you notice if someone changed the "f" in the middle of that onion link to an "l"?


Again, it's impossible, or should be impossible, to easily change a single character in a hash. The avalanche effect means that small changes in the input data will result in huge changes to the hash.


The input data in this case is the private key so if you had that available to change, you would not need to do anything more as you could already control the real .onion domain.

The attack on things like onion domains would be finding another domain that to a human looks similar enough to be mistaken for the real deal. You'd do that by brute forcing (same as what Facebook did to get the "facebook" prefix in their onion domain) and for a sucessfull attack the space you need to brute force is limited by what humans can distinguish, which is smaller than the whole hash space.


On the other hand, it's probably easy to brute force search a hash which is visually close enough for most people to not notice the difference.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: