Hello, I'm doing an investigation about Tor for my college project. As a result I found out about the hidden stealth (?) services. My question now is: what's the difference between hidden services and hidden stealth services, if there are these stealth services? I couldn't find any helpful posts.
Thx a lot.
When it comes to hidden services, the stealth option has been changed to "client authorization", where you run a hidden service but Tor will check if the person connecting has a special key to be able to access your hidden service.
This is great if you have only "N" number of small users who will access your site (and you have to know these small users because you have to manually give them the key to access it via email, in person, on USB, etc.).
thanks a lot!
So my understanding is that normal "Hidden Services" are listed in the Tor directory and therefore discoverable. What can attackers do with the information listed in the directory, and can I proactively do something to harden against such attacks?
And further, do authenticated hidden services prevent these kinds of attack vectors? I.e. do outsiders already have contact to my "authenticated hidden service", or is the key check done somehow and somewhere before?
Background of this question comes from watching the following video (starting at minute 1:30):
https://inv.riverside.rocks/watch?v=n3EWENfaMOs&t=90
Thanks for the answer. I think I imagined the distributed hash table as a kind of "Tor Directory", which is obviously wrong.
So in the hash tables one can find just the addresses of the 3 introduction points, not my hidden service, right? These introduction points will also check if the connecting client has the authentication keys needed, I reckon? So if a client can't provide them, no single data packet from them will reach my hidden service?!
Yeah, in the DHT you can only find the IPs of the intro points and the HS public key. The HSDir gives the DHT to the client, and the client can encrypt the hash table because the hash of the table is the onion address. The client then connects to one random introduction point which is already in line with the HS. The HS then decides if he wants to talk to the client.
That's how I understand it works in general.
Yes, your onion service will upload encrypted data to HSDirs. If you enable client authorization, clients won't connect without the private key. You can use client authorization to protect your Onion Service against DoS attacks (see our docs).