
I wonder if Debian volunteers are searching for a more friendly Tor address?



There is very little benefit from such addresses http://news.netcraft.com/archives/2014/06/25/steam-phishing-...


I disagree

Domain squatting is even harder on tor, but how am I supposed to know the real Debian is on xyabdjfhkj1345 or xvhdjakeueg12567?


If debian generated an onion address like debiandebxwnjx6t.onion (just made that up), how would that help you determine that the .onion address is owned by debian?

All it proves is that someone ran a vanity key/address generator on his GPU for a couple of days to get a nice-looking prefix. I could do the same thing at home and get a different address with the same prefix, and you wouldn't be able to tell the difference without comparing the whole address.


You're right, by itself it doesn't.

However, with several Debian volunteers they can get a more friendly-looking address. One person alone with a GPU can't compete with that.

It's a proof of work (just like bitcoin)


One person with a botnet can compete


You need a trust path to the Debian sysadmins. The best option right now is the HTTPS on onion.debian.org and the knowledge that Debian uses Let's Encrypt.


Re domain squatting, it's not as hard as you probably think it is to generate an onion address that is a near collision.


You know because they published this list. This page is HTTPS with a certificate that you (presumably) trust.
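An added example, not written by any commenter in this thread: a client-side check that accepts an onion hostname only on an exact, full-length match against a pinned list obtained over a trusted channel, and flags addresses that merely share a prefix with a pinned one. The pinned entry is the made-up address quoted above; the function names and the `warn_at` threshold are assumptions of this sketch.

```python
import os
import re

# Addresses copied from a list you already trust (e.g. a page served over HTTPS).
# Constructed sample: the made-up address from the thread, not a real service.
PINNED = {"debiandebxwnjx6t.onion"}

# 16 base32 characters (the address length discussed in the thread) or 56.
ONION_RE = re.compile(r"^(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion$")


def normalize(addr):
    """Lower-case and validate an onion hostname; return None if malformed."""
    addr = addr.strip().lower().rstrip(".")
    return addr if ONION_RE.match(addr) else None


def shared_prefix_len(a, b):
    """Number of leading characters two labels have in common."""
    return len(os.path.commonprefix([a, b]))


def classify(addr, pinned=PINNED, warn_at=6):
    """Return 'match', 'lookalike', 'unknown' or 'invalid' for a hostname.

    Only an exact match of the whole address counts as verified. An address
    sharing warn_at or more leading characters with a pinned one is reported
    as a lookalike, because a friendly prefix proves nothing about ownership.
    """
    host = normalize(addr)
    if host is None:
        return "invalid"
    if host in pinned:
        return "match"
    label = host[: -len(".onion")]
    for known in pinned:
        if shared_prefix_len(label, known[: -len(".onion")]) >= warn_at:
            return "lookalike"
    return "unknown"


def expected_attempts(prefix_len):
    """Average number of random keys tried before an address starts with a
    chosen base32 prefix of this length (each character has 32 values)."""
    return 32 ** prefix_len
```

`expected_attempts` puts a number on the "proof of work" argument: the cost grows only with the prefix length, so the characters after the prefix are what distinguish a pinned address from a lookalike.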



