guardianproject/haven

Onion service should have a random prefix

Open

#47 opened on Dec 19, 2017

Labels: enhancement, help wanted, low-priority

Description

Until next gen onion services are live, the actual onion addresses aren't private from HSDir nodes. So it's possible that Haven onion services could get discovered by an attacker, giving them access to all of the evidence logs.

The easiest way to thwart this is to generate a random string and prefix all the URLs with it. So instead of starting with just http://blahblahblah.onion:8080/, the URLs should start with http://blahblahblah.onion:8080/randomstring/. This way, if an attacker discovers the onion service, they won't be able to view the logs without guessing the value of randomstring -- which is essentially a random password. This is how OnionShare URLs work.
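A sketch of the prefix check proposed above, added here as an example; it is not code from Haven or OnionShare. The class name `SlugGate`, its methods, the 16-byte slug length and the choice to answer a wrong prefix with 404 are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

/** Hypothetical helper: gates every request behind a random first path segment. */
public class SlugGate {
    private final byte[] slug;

    public SlugGate() {
        byte[] raw = new byte[16];                 // 128 bits from the platform CSPRNG
        new SecureRandom().nextBytes(raw);
        String s = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        slug = s.getBytes(StandardCharsets.US_ASCII);
    }

    public String slug() { return new String(slug, StandardCharsets.US_ASCII); }

    /**
     * Returns the path with the slug stripped ("/" or "/rest"), or null when
     * the first segment is not the slug. The caller answers null with 404.
     */
    public String strip(String uriPath) {
        if (uriPath == null || !uriPath.startsWith("/")) return null;
        int end = uriPath.indexOf('/', 1);
        String first = end < 0 ? uriPath.substring(1) : uriPath.substring(1, end);
        byte[] got = first.getBytes(StandardCharsets.US_ASCII);
        // Compare the whole segment rather than stopping at the first mismatch,
        // so a near-miss is not distinguishable from a complete miss.
        if (!MessageDigest.isEqual(got, slug)) return null;
        return end < 0 ? "/" : uriPath.substring(end);
    }

    public static void main(String[] args) {
        SlugGate gate = new SlugGate();
        String s = gate.slug();
        // Constructed request paths, not taken from Haven.
        String[] paths = { "/", "/feed", "/" + s, "/" + s + "/", "/" + s + "/feed",
                           "/" + s + "x/feed", "/" + s.substring(1) + "/feed" };
        for (String p : paths) {
            String inner = gate.strip(p);
            System.out.println(p + " -> " + (inner == null ? "404" : "200 " + inner));
        }
    }
}
```

Every link the server emits has to carry the same prefix, and because the slug acts as the password it should stay out of request logs.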
