Facebook 證明 Tor 的 Hidden Service 不安全

Facebook 宣佈了 https://facebookcorewwwi.onion/ 這個 Tor hidden service:「Making Connections to Facebook more Secure」,讓人可以直接在 Tor 的網路裡連上 Facebook。

Facebook 的人用的方法與其他人一樣,是透過 brute force 算出這個 hidden service。

但這也直接證明了 Tor Hidden Service 不安全:(參考這個註解的說明)

If Facebook has the resources to brute force their own full key, then you better believe the NSA and GCHQ do too. Which means that you will no longer know if the hidden service you're connecting to is the real one or the NSA/GCHQ version. Tor hidden services are now dead.

這次未免太精彩了 XDDD

This entry was posted in Computer, Murmuring, Network, P2P, Security, Software, WWW and tagged , , , , . Bookmark the permalink.

3 Responses to Facebook 證明 Tor 的 Hidden Service 不安全

  1. CC says:

    我倒是奇怪DigiCert為甚麼會出SSL CERT給 .onion...

  2. Pellaeon Lin says:

    那串文字好像被移除掉了,Tor 的說法:https://blog.torproject.org/blog/facebook-hidden-services-and-https-certs

  3. sueboy says:

    http://www.ithome.com.tw/news/92044

    不好意思,但看這篇文章的說明,好像是另一回事,但可能是自己搞錯。

Leave a Reply

Your email address will not be published. Required fields are marked *