2. Derive the public key from that private key (plus whatever else you must do) to generate the corresponding onion address for that all-zeros private key.
3. Type that onion address into a Tor browser and see what you get back.
If what I just described is not even "remotely feasible," then one ought to be willing to type that addy into Tor browser running on their raw hardware and rest assured there is no possible way someone is running a (probably nefarious) service running at that address.
Are you willing to do that?
If not, what I'm talking about is just adding some leading, non-random, nonzero bits to that "all-zeros" private key.
It's not a secure design, but if all people want is to send files that are too big for email it's no worse than using password authentication to log in to, say, msn.com.
1. Set a hidden service private key to all zeros.
2. Derive the public key from that private key (plus whatever else you must do) to generate the corresponding onion address for that all-zeros private key.
3. Type that onion address into a Tor browser and see what you get back.
If what I just described is not even "remotely feasible," then one ought to be willing to type that addy into Tor browser running on their raw hardware and rest assured there is no possible way someone is running a (probably nefarious) service running at that address.
Are you willing to do that?
If not, what I'm talking about is just adding some leading, non-random, nonzero bits to that "all-zeros" private key.
It's not a secure design, but if all people want is to send files that are too big for email it's no worse than using password authentication to log in to, say, msn.com.