[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Are Impersonation Attacks Possible with v2 Hidden Services?


#1

Checking for updates at a Debian HS repository showed a list of strange updates. I decided to quit without downloading them and a later check didn’t show the same results. The address should have been the same because I didn’t change it.

Are impersonation attacks possible with v2 Hidden Services?


#2

Hi 9jnc7

Are impersonation attacks possible with v2 Hidden Services?

Yes, if an attacker steals an .onion service private key.

Taken from https://www.torproject.org/docs/tor-onion-service

private_key
First, Tor will generate a new public/private keypair for your onion service. It is written into a file called “private_key”. Don’t share this key with others – if you do they will be able to impersonate your onion service.


#3

Thank you dear 0brand for this explanation.

ef86


#4

Thanks @0brand.


#5

SHA1 is not broken in any meaningful way that allows impersonation for now.