How to generate onion address
- scallion (GPU hashing, requires .NET or Mono)
- Eschalot (wordlist search, only Linux/Unix) (not covered by this guide, for now)
It is sometimes claimed that private keys generated by Shallot are less secure than those generated by Tor. This is false. Although Shallot generates a keypair with an unusually large public exponent e, it performs all of the sanity checks specified by PKCS #1 v2.1 (directly in sane_key), and then performs all of the sanity checks that Tor does when it generates an RSA keypair (by calling the OpenSSL function RSA_check_key).
Problem number one: generated keys have a much larger public exponent than the standard keys produced by Tor, which puts a somewhat higher load on the Tor relays.
Answer: it was concluded that the difference is negligible compared to the other encryption tasks the relays perform constantly. In eschalot, the largest public exponent is limited to 4294967295 (4 bytes).
Problem number two: Tor developers can decide to filter and block all the custom names.
Answer: yes, they can, but they have not yet and there is really no reason for them to do so. They can just as easily change the standard for the random names too and cause chaos and mass exodus on the network.
Problem number three: generated names are easily spoofed, since the visitor clicking on a link somewhere out there can be tricked by the seemingly right .onion prefix without checking the whole thing. To demonstrate, which one was the real SilkRoad?
silkroada7bc3kld.onion
silkroadqksl72eb.onion
silkroadcqgi4von.onion
silkroady3c2vzwt.onion
silkroadf3drdfun.onion
silkroadbdcmw7rj.onion
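The spoofing problem above comes down to comparing the whole 16-character label against a stored copy instead of eyeballing the prefix. The following is an added example, not code from this guide or from any of the tools it mentions; the function names, the threshold and the choice of which listed address to pin are assumptions made for illustration.

```python
import base64
import binascii

V2_LABEL_LEN = 16          # v2 onion label: 16 base32 chars = 80 bits
LOOKALIKE_MIN_PREFIX = 4   # assumed threshold for flagging a shared prefix

def normalize(address):
    """Return the lowercase 16-char label or raise ValueError if malformed."""
    label = address.strip().lower()
    if label.endswith(".onion"):
        label = label[:-len(".onion")]
    if len(label) != V2_LABEL_LEN:
        raise ValueError("not a v2 onion label: %r" % address)
    try:
        base64.b32decode(label.upper())   # rejects characters outside a-z, 2-7
    except binascii.Error:
        raise ValueError("not base32: %r" % address)
    return label

def classify(pinned, candidate):
    """Compare the whole label; return (verdict, shared_prefix_len, keyspace)."""
    p, c = normalize(pinned), normalize(candidate)
    shared = 0
    for x, y in zip(p, c):
        if x != y:
            break
        shared += 1
    # A vanity search over an n-character prefix tries about 32**n keys,
    # which is why each extra character in the table costs roughly 32x more.
    keyspace = 32 ** shared
    if p == c:
        return ("match", shared, keyspace)
    if shared >= LOOKALIKE_MIN_PREFIX:
        return ("lookalike", shared, keyspace)
    return ("different", shared, keyspace)

# Addresses from the list above; which one to pin is an arbitrary choice here.
PINNED = "silkroada7bc3kld.onion"
SEEN = ["silkroada7bc3kld.onion", "silkroadqksl72eb.onion",
        "silkroadcqgi4von.onion", "SILKROADY3C2VZWT.onion"]

if __name__ == "__main__":
    for addr in SEEN:
        print(addr, classify(PINNED, addr))
```

Every address in the list other than the pinned one comes back as a lookalike with an 8-character shared prefix, which is the case a visitor checking only the first characters would miss.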
characters | time to generate (approx.)
-------------------------------------------------------------------
1 | less than 1 second
2 | less than 1 second
3 | less than 1 second
4 | 2 seconds
5 | 1 minute
6 | 30 minutes
7 | 1 day
8 | 25 days
9 | 2.5 years
10 | 40 years
11 | 640 years
12 | 10 millennia
13 | 160 millennia
14 | 2.6 million years
This guide is written for Ubuntu. It covers how to use scallion's GPU hashing with an NVIDIA-based graphics card.
- Update OS and repository cache
sudo apt-get update && sudo apt-get upgrade -y
- Install dependencies and tools which are required for this guide
sudo apt-get install -y nvidia-opencl-dev unzip libssl-dev mono-complete
- Get scallion (we will use binaries for this guide) and cd to that dir.
# Download latest scallion release
wget https://github.com/lachesis/scallion/raw/binaries/scallion-v2.0.zip
# Unzip scallion
unzip scallion-v2.0.zip
- If you get 1001 errors, you can try installing additional packages:
sudo apt install beignet beignet-dev ocl-icd-opencl-dev ocl-icd-libopencl1
- Generate keys
mono scallion-v2.0/scallion.exe -d 0 ion
Source for this guide was this discussion on security.stackexchange.com.