Hacker News new | past | comments | ask | show | jobs | submit login

I'm hoping they just lucked out and came up with a backronym for it. I don't really know much about tor so I don't know how feasible bruteforcing is

FB engineer here. We got extremely lucky then went the backronym route as shawabawa3 guessed.

You got so lucky that you'll probably want to keep using that name forever. The longer it's used, the greater the probability of compromise of its secret key.

Which is why using TLS on top of the .onion address is brilliant: even if the secret key for the .onion address is compromised, the TLS certificate (which is rotated more often) will keep the connection safe. The worst that could happen would be someone hijacking the .onion address, but that would lead only to a DoS instead of the compromise that would happen without the redundant TLS layer.

And the certificate also helps validate that the .onion address is really from facebook: as someone observed elsewhere in this discussion, the certificate is also valid for the non-.onion addresses, so just examining its alternate names extension is enough to prove that the certificate owner could also get a valid certificate for www.facebook.com (meaning the certificate owner is very probably facebook itself).

Someone else said getting SSL certs for .onion in the SNI doesn't require ANY kind of validation.

So someone bruteforcing the .onion key could easily get their own valid SSL cert and have full access to the plaintext for anyone browsing the .onion site over SSL.

The security of facebook over onion is now only protected by the hash power required to brute force the vanity address, instead of the integrity of the SSL CA system or the power required in factoring an SSL key. Even the requirement to spoof DNS or perform actual man-in-the-middle-of-the-wire hijacks has vanished.

And here's a link to a comment from a HNer claiming to have just got a certificate for the very same facebook's .onion address:


This is a good idea for other tor services too as that 1024 bit RSA is looking pretty shaky these days. Hopefully the tor devs will give it a bump to 2048 or move to Curve/Ed25519 soon, before this becomes a real problem.

Progress: https://lists.torproject.org/pipermail/tor-dev/2013-August/0...

What we should expect is that facebook has enough computing power to bruteforce 12 to 13 characters in a reasonable timeframe.

Did you ask NSA for a full 16-character bruteforce? :)

Agreed. Likely they required facebook, and required that the rest of it would form words from some dictionary. I'd guess that the "i" at the end is a random alphanumeric (2⁵ possibilities). The positions of the words were likely arbitrary, since www comes after facebook. Lets arbitrarily say they have a word list of 128 words, that they want words from, all four letters long. This means we have 2⁷2⁷2⁵*4!/2 ~= 2²³ acceptable possibilities(the division because of the order of the random words).

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact