[Cialug] Interesting concept - sharing FILES with TOR!

Josh More jmore at starmind.org
Sat Feb 20 16:01:26 CST 2016 

Well, not really.

A single long, random URL is a single factor of authentication - what you
know.  However, so is a username and a password.  From a security
perspective, logging in with "billyjoebob" and a password of
"IceCreamRocks123!" is identical to accessing a URL like "
https://never.gonna.give.you.up/billyjoebobIceCreamRocks123!".   Generally
speaking, if a randomly generated URL has more bits/entropy in it than
username + password, it'll be more secure *IF* there is a brute force
detector and blocker built into "does not exist" URL manager.

To make it more secure, you'd need a second factor, such as "something you
are" or "something you have".  The problem is that adding either of these
would drastically reduce the anonymity of the service.

-Josh


On Sat, Feb 20, 2016 at 3:16 PM, kristau <kristau at gmail.com> wrote:

> Yeah, plus this needs some sort of authentication option. Simply
> providing a "random, unguessable URL" is obscure, not secure.
>
> On Sat, Feb 20, 2016 at 11:20 AM, Jeffrey Ollie <jeff at ocjtech.us> wrote:
> > On Sat, Feb 20, 2016 at 11:05 AM, L. V. Lammert <lvl at omnitec.net> wrote:
> >
> >>
> >>
> >>
> http://www.ostechnix.com/onionshare-share-files-of-any-size-securely-and-anonymously/
> >>
> >> Wonder what the NSA will have to say about this?
> >>
> >
> > Unfortunately, the anonymity guarantees of Tor aren't quite up to
> > protecting you from an entity like the NSA that can observe a large
> portion
> > the internet.
> >
> > Plus, it takes an incredible amount of discipline to avoid de-anonymizing
> > yourself by leaking information through other means.  That's how the
> > original Silk Road founder was caught - the FBI didn't break Tor, the
> Silk
> > Road founder made a mistake that linked his real identity to his Silk
> Road
> > identity.
> >
> > --
> > Jeff Ollie
> > _______________________________________________
> > Cialug mailing list
> > Cialug at cialug.org
> > http://cialug.org/mailman/listinfo/cialug
>
>
>
> --
> Tired programmer
> Coding late into the night
> The core dump follows
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>

More information about the Cialug mailing list