Старый домен все?
xss.pro в TOR (зеркало)
- Автор темы admin
- Дата начала
Как удалось на v3 более-менее адекватное начало выбрать xssforumv3... ?!
Интересно только как долго они генерировали его, потому что это невероятно долго на i9 9900k делать даже 7 символов, а в домене 10 символов подбирали.
- Автор темы
- Добавить закладку
- #66
А если точнее, то xssforumv3is......vsburuid.onion - 13 символов. Очень тяжело и долго. Частично по словарям и на очень мощном облачном железе. Vanity ed25519 генерируются "туго" и только на CPU. Да, есть и пару утилит для GPU, но лично у меня они показали хуже результат, чем cpu'шные. Смотрите в сторону mkp224o, horse25519, oniongen-go и tor-v3-vanity (на gpu).
В будущем обязательно появятся более мощные gpu софтины, наработки на гитхабе и в доках уже давно есть. Все будет. Но, если в целом, процесс подбора совершенно не стоил потраченных усилий. Для меня это был больше эксперимент. На практике гораздо проще сгенерить 3-4 символа и не париться. Все равно, адрес состоит из 56 символов, запомнить его или сделать "красивым" невозможно.
v3, работает шустрей, спасибо!
About the xss.pro Tor V3 Onion SSL Cert Error
blog.torproject.org
Get a TLS certificate for your onion site | Tor Project
We are happy to share the news of another important milestone for .onion services! You can now get DV certificates for your v3 onion site using HARICA, a Root CA Operator founded by Academic Network (GUnet), a civil society nonprofit from Greece.
blog.torproject.org
- Автор темы
- Добавить закладку
- #69
Включена переадресация со старого домена - на новый xss.pro
Thanks a lot. Yes, I have seen already. I know, that those greeks started to issue onion certs. But at this moment I don't know, is it good idea to buy it. Very few sites received them, so it is increased attention, thorough check and so on. Not sure that it has sense on now. But I'm watching.
ok what you want, exploit.in use it
(we suggested it to them too)
Перестала загружаться onion версия. Время ожидания истекло пишет.
@admin, may we know why you guys are redirecting the traffic to the HTTPS onion service from the "insecure" onion service?
It doesn't happen every single time, only 90% of the time. It hasn't happened before.
It doesn't happen every single time, only 90% of the time. It hasn't happened before.
Согласен с последним вопросом, можно не перенаправлять принудительно трафик onion в tls? После нажатий ссылок вылетает ошибка.
да ты что, зато секьюрно же, мы шифруем шифрованный трафик, так, что ты должен расшифровать, прежде чем расшифровывать
You do know that hidden onion services don't exit the onion network, right?
Exit nodes aren't used when navigating through hidden onion services.
Do you verify the onion address every time you access XSS through the onion service (xssforumv3isucukbxhdhwz67hoa5e2voakcfkuieq4ch257vsburuid)?
The certificate XSS uses is self-signed, PamLimited Ltd is not a CA, which means that if it's easy for XSS to generate xssforumv3, it's easy for an attacker to do that as well and execute MITM attacks, especially in the next 10 years.
Most people only verify the first and easy-to-remember part of the onion service.
Do you trust a certificate that expires in 10 years? Because I don't. Maybe if XSS rotated its certificate every 3 or less months.
I don't know if the XSS server is hosted in the same machine as the onion service.
If it isn't, I completely agree with the use of HTTPS.
@admin, any comments about this?
- Автор темы
- Добавить закладку
- #76
Появилось мнение головастых и умных людей. Говорят, шифрованный https в торе лишним не будет. Хотя раньше считалось, что в случае tor'a - это излишество, просто излишнее шифрование. Но поскольку народ не доволен, я убрал. Вернем обратно, когда получим для onion адреса платный сертификат.
No, it isn't.
В случае onion доменов, насколько мне известно,, действительно нет смысла в ssl/tls, т.к. нет возможности собирать трафик с выходной ноды, так как от 3-й ноды к домену зоны onion идет трафик все еще шифрованный, он в отличии от обычного тор трафика имеет 4-е слоя шифрования, и последний снимает сам onion сайт.
Thank you for your reply and quick action.
If the onion service is not hosted in the same machine, you should, either, forward the encrypted message to the external server, or use HTTPS for the onion service, which will decrypt the message in the external server.
I'm not against using extra encryption at all, the only problem was when using the "unsecured" onion service of XSS, it would redirect you to the HTTPS onion service.
That made me wonder if XSS could have been compromised in any way. It's better to let an administrator know what's going and see if it was compromised or it was excepted behavior.
Self-signed certificates are fine, but they must rotate within 3 or less months. LE from many countries is all over this forum or at least I assume so.
That's why most onion services that want to stay anonymous, rotate their private key and have different onion services from time to time.
You're almost right.
That happens when connecting to a clear-net endpoint that uses HTTPS (4 layers of encryption).
- HTTP (3 layers of encryption)
-
Код:
YOU -> GUARD (#1) -> MIDDLE (#2) -> EXIT (#3) -> ENDPOINT (#4) - #1 receives the encrypted message (#3 + #2 + #1), then proceeds to decrypt the message with its private key and forwards it to the middle node.
- #2 receives the encrypted message (#3 + #2), then proceeds to decrypt the message with its private key and forwards it to the exit node.
- #3 receives the encrypted message (#3), then proceeds to decrypt the message with its private key and forwards it to the HTTP endpoint with no encryption.
- #4 receives the unencrypted message.
-
- HTTPS (4 layers of encryption)
-
Код:
YOU -> GUARD (#1) -> MIDDLE (#2) -> EXIT (#3) -> ENDPOINT (#4) - #1 receives the encrypted message (#4 + #3 + #2 + #1), then proceeds to decrypt the message with its private key and forwards it to the middle node.
- #2 receives the encrypted message (#4 +#3 + #2), then proceeds to decrypt the message with its private key and forwards it to the exit node.
- #3 receives the encrypted message (#4 +#3), then proceeds to decrypt the message with its private key and forwards it to the HTTPS endpoint.
- #4 receives the encrypted message (#4) and proceeds to decrypt the message with its private key.
-
- ONION Service (7 layers of encryption)
-
Код:
YOU -> GUARD (#1) -> MIDDLE (#2) -> RENDEZVOUS (#3) -> MIDDLE (#4) -> MIDDLE (#5) -> GUARD (#6) -> ONION SERVICE (#7) - #1 receives the encrypted message (#7 + #6 + #5 + #4 + #3 + #2 + #1), then proceeds to decrypt the message with its private key and forwards it to the middle node.
- #2 receives the encrypted message (#7 + #6 + #5 + #4 + #3 + #2), then proceeds to decrypt the message with its private key and forwards it to the rendezvous node.
- #3 receives the encrypted message (#7 + #6 + #5 + #4 + #3), then proceeds to decrypt the message with its private key and forwards it to the middle node.
- #4 receives the encrypted message (#7 + #6 + #5 + #4), then proceeds to decrypt the message with its private key and forwards it to the middle node.
- #5 receives the encrypted message (#7 + #6 + #5), then proceeds to decrypt the message with its private key and forwards it to the guard node.
- #6 receives the encrypted message (#7 + #6 ), then proceeds to decrypt the message with its private key and forwards it to the onion service.
- #7 receives the encrypted message (#7), then proceeds to decrypt the message with its private key.
-
Tor зеркало падает только у меня ? 24 часа назад тоже 3-5 часов штормило
Не не только у тебя , работал 5 часов назад ,сейчас в оффе.
ддосят может? раз в неделю полюбэ наипнется.