Vanity .onion Tor Addresses

Published on April 27, 2020 by

Tor .onion domains are the hashes of public keys. Generally, they look random, but it is possible for a Tor hidden service operator to generate onion domains that start with a human-readable part, such as “silkroad7rn2puhj.onion”. Those are called “vanity onion addresses”, and there are tools like Shallot and Eschalot that will create the customized .onion address.

The number of characters that can be customized is limited by processing power. Shallot published this table with the description “Time to Generate a .onion with a Given Number of Initial Characters on a 1.5Ghz Processor”:

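| characters | time to generate (approx.) |
|---|---|
| 1 | less than 1 second |
| 2 | less than 1 second |
| 3 | less than 1 second |
| 4 | 2 seconds |
| 5 | 1 minute |
| 6 | 30 minutes |
| 7 | 1 day |
| 8 | 25 days |
| 9 | 2.5 years |
| 10 | 40 years |
| 11 | 640 years |
| 12 | 10 millennia |
| 13 | 160 millennia |
| 14 | 2.6 million years |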

This means that generating an onion domain with 8 defined characters is simple even on a desktop machine.

Another tool to generate vanity addresses is Scallion, which describes itself as “GPU-based Onion Hash generator”. The author claims “For example on my nVidia Quadro K2000M, I see around 90 MH/s. With those speed I can generate an eight character .onion prefix in about 1h 41m”. His formula is “2^(5*length-1) / hashspeed”.

The Scallion readme mentions that an “AMD Vega Frontier Edition” has a hash rate of 7119 MH/s. That graphics card costs between $300 (used) and $1000 (retail price in 2017).

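| Characters | Hash Speed MH/s | Estimated Time in Days | Hash Speed MH/s | Estimated Time in Days |
|---|---|---|---|---|
| 1 | 90 | 0.00 | 7119 | 0.00 |
| 2 | 90 | 0.00 | 7119 | 0.00 |
| 3 | 90 | 0.00 | 7119 | 0.00 |
| 4 | 90 | 0.00 | 7119 | 0.00 |
| 5 | 90 | 0.00 | 7119 | 0.00 |
| 6 | 90 | 0.00 | 7119 | 0.00 |
| 7 | 90 | 0.00 | 7119 | 0.00 |
| 8 | 90 | 0.07 | 7119 | 0.00 |
| 9 | 90 | 2.26 | 7119 | 0.03 |
| 10 | 90 | 72.40 | 7119 | 0.92 |
| 11 | 90 | 2,316.67 | 7119 | 29.29 |
| 12 | 90 | 74,133.33 | 7119 | 937.21 |
| 13 | 90 | 2,372,266.47 | 7119 | 29,990.73 |
| 14 | 90 | 75,912,527.05 | 7119 | 959,703.25 |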

According to this calculation, a domain with 11 specific characters (for example “facebookcor”) would take less than 1 month on a $300 graphics card. Using 100 of those graphics cards would make it possible to crack 12 characters in less than 10 days and 13 characters in less than 300 days.

Note that a full (version 2) domain has 16 characters.

facebookcorewwwi.onion

Facebook generated its own domain “facebookcorewwwi.onion” for its Facebook site on Tor. According to the information below, only the first 8 characters “facebook” were defined, and the rest, “corewwwi”, happened because they got lucky. From https://news.ycombinator.com/item?id=8538334

It concerns me that they were able to brute force a key for facebookcorewwwi.onion. If they can do that, what’s to stop somebody else coming along and brute forcing a key for the same hostname.

User mike-cardwell on Oct 31, 2014

A response was posted on the “Tor Talk list” by Facebook engineer Alec on October 31, 2014:

Hi - My name's Alec, I work for Facebook and am the team lead for Facebook over Tor.

Long story short: details will come out later, but we just did the same thing as everyone else:
generated a bunch of keys with a fixed lead prefix ("facebook") and then went fishing looking for good ones.

I feel that we got tremendous lucky.

    - alec
https://archives.seul.org/tor/talk/Oct-2014/msg00433.html

Paid

There are services like https://peername.com/pricing/ that offer an 8-character onion domain for $19.98.

Address generator for Tor onion v3 (ed25519) hidden services

The project mkp224o can generate vanity addresses in the long v3 format. For context, here is part of the “rend-spec-v3.txt”:

The names in this format are distinct from earlier names because of their length. An older name might look like:

    unlikelynamefora.onion
    yyhws9optuwiwsns.onion

And a new name following this specification might look like:

    l5satjgud6gucryazcyvyvhuxhr74u6ygigiuyixe3a6ysis67ororad.onion

There is a detailed blog post specifically about generating v3 onion addresses here.

SHA-1 is not considered secure

In 2017, a SHA-1 hash collision was reported by Google researchers. According to this blog post, it “does not significantly impact Tor yet”; the post also mentions that the issue is already addressed by the longer v3 onion addresses.

Higher cracking speeds?

There is an excellent blog post here about using the “NVIDIA Tesla V100 Data Center GPU” (cost: ~$10k retail) with a hash speed of 11,646MH/s at Amazon EC2 on a “p3.2xlarge instances for as little as $3.06 USD per hour” (and a “spot instance” for “as little as $1.01 USD per hour”).

At the time of writing, this cost is down to $0.918 per hour (source). Let’s assume the reported hash speed is 11,646MH/s and use the formula “time=2^(5*length-1) / hashspeed”. It would take 1.6 million years (= 2^(5*16-1)/(11646000000)/60/60/24/365) with a single GPU and cost $13 billion (= 2^(5*16-1)/(11646000000)/60/60*0.918).

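| Characters | Estimated Time in Days | Estimated Time in Years | Cost |
|---|---|---|---|
| 1 | 0.00 | 0 | $0.00 |
| 2 | 0.00 | 0 | $0.00 |
| 3 | 0.00 | 0 | $0.00 |
| 4 | 0.00 | 0 | $0.00 |
| 5 | 0.00 | 0 | $0.00 |
| 6 | 0.00 | 0 | $0.00 |
| 7 | 0.00 | 0 | $0.00 |
| 8 | 0.00 | 0 | $0.01 |
| 9 | 0.02 | 0 | $0.39 |
| 10 | 0.56 | 0 | $12.33 |
| 11 | 17.90 | 0 | $394.44 |
| 12 | 572.90 | 2 | $12,622.14 |
| 13 | 18,332.82 | 50 | $403,908.62 |
| 14 | 586,650.13 | 1,607 | $12,925,075.70 |
| 15 | 18,772,804.22 | 51,432 | $413,602,422.51 |
| 16 | 600,729,734.94 | 1,645,835 | $13,235,277,520.25 |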

As the table shows, with the aforementioned pricing and hash rate, only up to 13 out of 16 characters are now crackable at a cost of less than $500,000.
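The estimates in the tables above can be reproduced with the quoted formula and then used defensively, to rate how cheap it would be to forge the part of a pinned address that an observed address shares with it. This is an added example, not code from the original post or from Shallot or Scallion; the function names, the `warn_at` threshold and the second sample address are assumptions constructed for illustration.

```python
# Added example (not from the original post). Implements the quoted estimate
# time = 2^(5*length-1) / hashspeed and uses it to rate lookalike addresses.
PINNED = "facebookcorewwwi.onion"   # known-good v2 address quoted in the article
V2_LEN = 16                         # a full v2 name has 16 characters


def expected_seconds(length, mhs):
    """Expected brute-force time for `length` fixed leading characters."""
    return 2 ** (5 * length - 1) / (mhs * 1_000_000)


def expected_cost(length, mhs, usd_per_hour):
    """Expected rental cost in USD at the given hash rate and hourly price."""
    return expected_seconds(length, mhs) / 3600 * usd_per_hour


def max_prefix_within_budget(mhs, usd_per_hour, budget_usd):
    """Longest prefix whose expected cost stays below the budget."""
    affordable = [n for n in range(1, V2_LEN + 1)
                  if expected_cost(n, mhs, usd_per_hour) < budget_usd]
    return max(affordable, default=0)


def onion_label(name):
    """Lower-cased label directly in front of '.onion' (subdomains dropped)."""
    return name.strip().lower().rsplit(".onion", 1)[0].split(".")[-1]


def assess(observed, pinned=PINNED, mhs=11646, usd_per_hour=0.918, warn_at=6):
    """Compare an observed name with the pinned one.

    Returns (verdict, shared_chars, usd_to_forge_that_prefix).
    warn_at is a hypothetical threshold chosen for this example.
    """
    obs, pin = onion_label(observed), onion_label(pinned)
    if obs == pin:
        return ("match", len(pin), 0.0)
    shared = 0
    for x, y in zip(obs, pin):      # count identical leading characters
        if x != y:
            break
        shared += 1
    cost = expected_cost(shared, mhs, usd_per_hour) if shared else 0.0
    return ("lookalike" if shared >= warn_at else "different", shared, cost)


if __name__ == "__main__":
    # The second name is constructed for this example.
    for name in ("facebookcorewwwi.onion", "facebookcorabcde.onion"):
        print(name, assess(name))
```

The defaults are the V100 hash rate and hourly price used in the table; a name that shares many leading characters with the pinned one but is not identical is exactly what a vanity generator produces, so the check compares the full name and never just a prefix.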

What happens if 2 servers announce the same onion key?

According to this post, the most recently announced one will be the “valid” one:

If two people have the keys and update it, whichever publishes most recently will be believed as genuine and clients will be directed there.

This is bad if the second site to publish is a fake, but the network has no way of knowing if you are just upgrading servers, taking a site back from a scammer, or “stealing” one yourself.
