[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Are Impersonation Attacks Possible with v2 Hidden Services?

Checking for updates at a Debian HS repository showed a list of strange updates. I decided to quit without downloading them and a later check didn’t show the same results. The address should have been the same because I didn’t change it.

Are impersonation attacks possible with v2 Hidden Services?

1 Like

Hi 9jnc7

Are impersonation attacks possible with v2 Hidden Services?

Yes, if an attacker steals an .onion service private key.

Taken from https://www.torproject.org/docs/tor-onion-service

private_key
First, Tor will generate a new public/private keypair for your onion service. It is written into a file called “private_key”. Don’t share this key with others – if you do they will be able to impersonate your onion service.

2 Likes

Thank you dear 0brand for this explanation.

ef86

Thanks @0brand.

SHA1 is not broken in any meaningful way that allows impersonation for now.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]