Checking for updates at a Debian HS repository showed a list of strange updates. I decided to quit without downloading them and a later check didn’t show the same results. The address should have been the same because I didn’t change it.
Are impersonation attacks possible with v2 Hidden Services?
Hi 9jnc7
Are impersonation attacks possible with v2 Hidden Services?
Yes, if an attacker steals an .onion service private key.
Taken from https://www.torproject.org/docs/tor-onion-service
private_key
First, Tor will generate a new public/private keypair for your onion service. It is written into a file called “private_key”. Don’t share this key with others – if you do they will be able to impersonate your onion service.
Thank you dear 0brand for this explanation.
ef86
SHA1 is not broken in any meaningful way that allows impersonation for now.