下一代的 Tor Hidden Service

Tor 公佈了下一代的 Hidden Service (Onion Service):「Tor's Fall Harvest: the Next Generation of Onion Services」。

三年前 Facebook 自己暴力算出 facebookcorewwwi.onion 這個很特別的名字 (參考「Facebook 證明 Tor 的 Hidden Service 不安全」),這陣子連紐約時報也能暴力算出 nytimes3xbfgragh.onion 這個好名字 (參考「紐約時報網站上 Tor 的 Hidden Service (i.e. Tor Onion Service)」,這讓只有 16 chars 的 hostname 的 hashed-space 不夠大的問題愈來愈明顯 (只有 80 bits 的空間)。

如果你也想要找出一個有趣的 hostname 的話,可以用 lachesis/scallion 這樣的工具,這程式用 CPU 產生出 RSA key 後,再用 GPU 算 SHA-1

The inital RSA key generation is done the CPU. An ivybridge i7 can generate 51 keys per second using a single core. Each key can provide 1 gigahash worth of exponents to mine and a decent CPU can keep up with several GPUs as it is currently implemented.

也因為如此,Facebook 與紐約時報在上線時並不是直接在 Hidden Service 上裸奔,而是上了 HTTPS 作為 workaround,以避免資料外洩。

但這畢竟是 workaround,Tor 的人還是希望協定本身就可以提供一個夠安全的架構,而花了四年多發展出下一代的 Hidden Service,也就是這次提到的成果了。

最大的改變就是 hostname 變長很多了,從本來的 16 chars 變成 56 chars:

And finally from the casuals user's PoV, the only thing that changes is that new onions are bigger, tastier and they now look like this: 7fa6xlti5joarlmkuhjaifa47ukgcwz6tfndgax45ocyn4rixm632jid.onion.

hostname 變長主要是因為把整個 256 bits public key 放進去,可以從 spec 看到:

6. Encoding onion addresses [ONIONADDRESS]

   The onion address of a hidden service includes its identity public key, a
   version field and a basic checksum. All this information is then base32
   encoded as shown below:

     onion_address = base32(PUBKEY | CHECKSUM | VERSION) + ".onion"
     CHECKSUM = H(".onion checksum" | PUBKEY | VERSION)[:2]

     where:
       - PUBKEY is the 32 bytes ed25519 master pubkey of the hidden service.
       - VERSION is an one byte version field (default value '\x03')
       - ".onion checksum" is a constant string
       - CHECKSUM is truncated to two bytes before inserting it in onion_address

  Here are a few example addresses:

       pg6mmjiyjmcrsslvykfwnntlaru7p5svn6y2ymmju6nubxndf4pscryd.onion
       sp3k262uwy4r2k3ycr5awluarykdpag6a7y33jxop4cs2lu5uz5sseqd.onion
       xa4r2iadxm55fbnqgwwi5mymqdcofiu3w6rpbtqn7b2dyn7mgwj64jyd.onion

   For more information about this encoding, please see our discussion thread
   at [ONIONADDRESS-REFS].

這是因為在 ECC 的安全性被廣泛認可後,ECC 的優點就被拿出來用在這次設計上了:

  • 256 bits 的 ECC key 強度大約是 3072 bits RSA key (以現在最好的攻擊演算法來估算)。
  • 直接放 public key 不需要經過 hash function 計算,可以避免掉 hash function 被找到 collision 時的風險。

於是因為 hostname 放的下,就硬塞進去了 XDDD

不過如果要玩的人需要裝 alpha 版本,目前的 stable 版本還沒有這個功能:

Tor as of version 0.3.2.1-alpha supports the next-gen onion services protocol for clients and services! As part of this release, ​the core of proposal 224 has been implemented and is available for experimentation and testing by our users.

紐約時報網站上 Tor 的 Hidden Service (i.e. Tor Onion Service)

紐約時報官方把整個站台放到 TorHidden Service 上了:「The New York Times is Now Available as a Tor Onion Service」。

而且也買了 SSL certficiate:

The address for our Onion Service is:
https://www.nytimes3xbfgragh.onion/

讓所有人想看到的人都有辦法看到是紐約時報的目標,所以就推出了許多不一樣的方式讓使用者可以看到內容...

The Times is dedicated to delivering quality, independent journalism, and our engineering team is committed to making sure that readers can access our journalism securely. This is why we are exploring ways to improve the experience of readers who use Tor to access our website.

OnionShare:透過 Tor 的 Hidden Service 分享檔案

OnionShare 官網上的說明是這樣寫:

OnionShare is an open source tool that lets you securely and anonymously share a file of any size.

Wiki 的說明比較清楚,實際上是在本機開一個 Hidden Service,而使用者必須透過 Tor Browser 這類的服務下載,這樣可以達成提供者與下載者都彼此匿名:

OnionShare lets you securely and anonymously share files of any size. It works by starting a web server, making it accessible as a Tor onion service, and generating an unguessable URL to access and download the files. It doesn't require setting up a server on the internet somewhere or using a third party filesharing service. You host the file on your own computer and use a Tor onion service to make it temporarily accessible over the internet. The other user just needs to use Tor Browser to download the file from you.

用法的部份就更清楚了:

Open OnionShare, drag and drop files and folders you wish to share into it, and click Start Sharing. After a moment, it will show you a .onion URL such as http://asxmi4q6i7pajg2b.onion/egg-cain. This is the secret URL that can be used to download the file you're sharing.

如果下載者不是那麼在意匿名性的話,Tor2web 這類的服務應該也可以用...

感覺以現在提供的功能來看還是不夠便利,實驗性質居多 XD

Debian 提供 Tor Hidden Service 更新 Apt

DebianTor Project 都宣佈了這個消息,兩邊的稿子都一樣:「Debian and Tor Services available as Onion Services」、「Debian and Tor Services available as Onion Services」。

站台列表在 https://onion.debian.org/ 這邊可以看到,當你有安裝 apt-transport-tor 時,可以透過 Tor 更新:

deb tor+http://vwakviie2ienjx6t.onion/debian jessie main
deb tor+http://vwakviie2ienjx6t.onion/debian jessie-updates main
deb tor+http://sgvtcaew4bxjd7ln.onion/debian-security jessie/updates main

Tor Hidden Service 本身就有一定的安全強度,而透過 APT 抓 Debian 套件的安全性還有 GnuPG 驗證把關,這樣看起來頗不賴...

讓 Tor 的流量變大也是讓 Tor 的隱私性變得更好的一種方法 (因為目前看到新的攻擊都是靠分析 traffic pattern,所以流量變大有機會讓雜訊變多一些)。

不知道 Ubuntu 有沒有機會也上一份...

RFC7686:保留 .onion 給 Tor 的 Hidden Services 使用

看到 Tor Project 很高興的宣佈 .onion 這個 TLD 在 RFC 7686 成為 Standards Track:「Landmark for Hidden Services: .onion names reserved by the IETF」。

而且也因為成為 IETF 的標準,在 CA/Browser Forum 上更有依據討論在上面的 CA 架構:

With this registration, it is should also be possible to buy Extended Validation (EV) SSL/TLS certificates for .onion services thanks to a recent decision by the Certification Authority Browser Forum.

.onion 的域名保護

.onion 被用在 Torhidden service,而現在從不同的面向要保護這個 root domain 不被註冊,在 IETF 的 blog 上看到「.onion」這篇文章就是其中一個方向。

這邊的計畫是把 .onion 域名當作像是 .local.localhost.example 這樣的特殊域名保護 (參考 RFC 6761「Special-Use Domain Names」) 而提了一個新的 RFC (目前是 draft):「The .onion Special-Use Domain Name」。

如果通過的話,就有一個標準可以遵循,不然現在對 .onion 一直都是 De-facto standard...

關於 .onion SSL Certificate 的表決 (Tor Network)

關於 .onion 的 SSL Certificate,在 CAB Forum 這邊提出來表決了:「Ballot 144 – Validation rules for .onion names」。

有些時間限制與一般的 SSL Certificate 不太一樣:

CAs MUST NOT issue a Certificate that includes a Domain Name where .onion is in the right-most label of the Domain Name with a validity period longer than 15 months. Despite Section 9.2.1 of the Baseline Requirements deprecating the use of Internal Names, a CA MAY issue a Certificate containing an .onion name with an expiration date later than 1 November 2015 after (and only if) .onion is officially recognized by the IESG as a reserved TLD.

然後:

On or before May 1, 2015, each CA MUST revoke all Certificates issued with the Subject Alternative Name extension or Common Name field that includes a Domain Name where .onion is in the right-most label of the Domain Name unless the Certificate was issued in compliance with this Appendix F.

等投票結束後再來看...

DigiCert 考慮開放 .onion 的 SSL certificate 簽章

前陣子 Facebook 提供 Tor 的 hidden service 時還提供了 SSL certificate,是由 DigiCert 簽的:「Supporting the Anonymous Use of Facebook via Tor」。

而 DigiCert 打算開放給一般人申請 .onion 的 SSL certificate:「DigiCert Considering Certs for Hidden Services」。

這件事情除了在技術的角度很特別外,在政治面的角度也值得被拿出來討論,也就是 DigiCert 承認 .onionTLD

各家搜尋引擎 (像是 GoogleDuckDuckGo) 開始爬 .onion 的資料也應該是遲早的事情?

Facebook 證明 Tor 的 Hidden Service 不安全

Facebook 宣佈了 https://facebookcorewwwi.onion/ 這個 Tor hidden service:「Making Connections to Facebook more Secure」,讓人可以直接在 Tor 的網路裡連上 Facebook。

Facebook 的人用的方法與其他人一樣,是透過 brute force 算出這個 hidden service。

但這也直接證明了 Tor Hidden Service 不安全:(參考這個註解的說明)

If Facebook has the resources to brute force their own full key, then you better believe the NSA and GCHQ do too. Which means that you will no longer know if the hidden service you're connecting to is the real one or the NSA/GCHQ version. Tor hidden services are now dead.

這次未免太精彩了 XDDD

行動平台上的 Tor browser

在「The problem behind mobile TOR browsers' ip disclosure」測了四個行動平台的 Tor 瀏覽器,其中三個是 Android 上的,一個是 iOS 的。

四個瀏覽器測試的結果中,只有 iOS 上的 Onion Browser (要 USD$0.99) 可以在修改設定後達到最低限度「隱藏 real ip」的標準:

作者的建議是不要在行動平台上有太多期望,隱藏 real ip 只是其中一個環節...