How do Hidden Services get .onion domains that aren't random?

  • Hidden Services usually have a long-ish string of alphanumeric characters for their .onion address, and this is generated by Tor as part of the Hidden Service Configuration.

    How did some Hidden Services get 'memorable' .onion addresses such as

    • Tor Wiki - torwikignoueupfm.onion
    • A mirror of The Hidden Wiki - wikitjerrta4qgz4.onion (notice it starts with wiki)

    They *are* random. They just keep generating the random addresses until they start with something they want.

    @minitech - answers go in the answers section. The comments are for discussion about improving the question, or clarifying what the question is asking.

    I know, but I don’t have any good resources yet.

  • IceyEC

    IceyEC Correct answer

    9 years ago

    They use a tool like Shallot to brute-force the onion address.

    What Shallot does is to generate a private key in the same way that the Tor software does when generating a new hidden service address. It then manipulates the public key portion of the key to create new versions of the .onion address and checks through those to see if they match the desired address.

    It generates a new private key periodically. The keys generated by Shallot and other methods of brute forcing an onion address have a larger than average public key component but are syntactically fine and pass all tests ensuring that they are good keys.

    Shallot is run like this:

    $ ./shallot ^test
    Found matching pattern after 99133 tries: testvztz3tfoiofv.onion
    -----END RSA PRIVATE KEY-----

    By passing it a regular expression, you can describe what you want your .onion address to look like. Using this hostname and private key you can create the hostname and private_key files that tor expects to find in the hidden service directory.

    // , @minitech I'd love to see an example of this, if you'd be willing to add a short answer with screenshots.

    I'm the one who _wrote_ the post :)

License under CC-BY-SA with attribution

Content dated before 7/24/2021 11:53 AM