Silk Road forums

Discussion => Security => Topic started by: wretched on September 28, 2012, 03:52 am

Title: random, rambling sueation from wretched
Post by: wretched on September 28, 2012, 03:52 am
either kmfkewm of shannon or QTC posted something about configuring a hidden service that required some sort of cookie checking voodoo before the site would even show as existing. Anyone sober enough to search for.repost that thread or just the how to implement it section. Not saying I am sober unough to read it, but would like to have it for future endeavers
Title: Re: random, rambling sueation from wretched
Post by: Shannon on September 28, 2012, 06:03 am
it's from the polyfront/bos/os/ovdb/who knows secure server guide

Quote
also, Tor supports secure authentication cookie, a little known feature. You can configure a hidden service to require clients to have an authentication cookie. If Tor clients do not have the authentication cookie, they can not even determine if the hidden service .onion exists or not, without doing an attack against the system anyway. This is also a good technique for private forums, considering you can ban someone from even being able to load your private .onion by removing the access rights of their authentication cookie from your hidden service.

awesome idea btw :D