[tor-talk] How hard would it be to copy an onion address?

Jonathan Marquardt mail at parckwart.de
Thu Dec 22 16:35:16 UTC 2016


On Thu, Dec 22, 2016 at 11:20:00AM -0500, hikki at Safe-mail.net wrote:
> There's a program out there that utilizes the GPU in your system to create a 
> custom, kind of, onion address. At least the few first characters at the 
> beginning of the address. So you can create an onion address like 
> googleja6vbnyma6.onion. I've seen people being able to create a 7 character 
> long custom name at the beginning of their addresses.

I have one with 9 characters. Took me a little more than three hours.

> I guess this program creates loads of onion addresses, with the help of the 
> GPU, and stops when it accidentally gets the "name" that you want.
> Is that correct?

Yep. See:

https://github.com/katmagic/Shallot
https://github.com/lachesis/scallion

> Anyway. The GPUs are just getting stronger these days! And people can have 
> quad-SLI too, with 4 hardcore GPUs working in unison. Like 4 x TitanX.
> So how hard would it be, more like how LONG would it take, to duplicate an 
> onion address with the video cards that are available to the consumers today?
> Not to mention Intel (and soon to be AMD) server CPUs with tons of cores in them.

Onion addresses use Base 32. The probability of bruteforcing a custom domain 
is - I think - 32^n, n being the number of characters you want to brute 
force. For a complete 16-character-long onion domain you need about 32^16 tries. 
This is probably more complicated since there's actually a 1024-bit RSA key 
behind this domain.

While this is certainly not easy to brute force yet, next generation onion 
services will be quite a bit more secure in this regard. See below.

> Question 2: Will the next generation hidden services get longer onion names?

Yep, about 52 characters.
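
The 32^n estimate from the reply above, worked through as an added example (not part of the original post and not code from Shallot or scallion). It assumes the "9 characters in a little more than three hours" figure was an average run of exactly 3 hours; the function names and the sample key bytes are constructed for illustration.

```python
import base64
import hashlib
import math

BITS_PER_CHAR = 5  # one base32 character encodes 5 bits


def v2_onion_address(der_public_key: bytes) -> str:
    """v2 address: base32 of the first 80 bits of SHA-1 over the DER-encoded RSA public key."""
    digest = hashlib.sha1(der_public_key).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower() + ".onion"


def expected_tries(n_chars: int) -> int:
    """Mean number of candidate keys needed before the first n_chars match."""
    return 32 ** n_chars


def success_probability(n_chars: int, tries: int) -> float:
    """Chance that at least one of `tries` candidates matches an n_chars prefix."""
    p = 2.0 ** (-BITS_PER_CHAR * n_chars)
    # log1p/expm1 keep precision when p is tiny (e.g. 2**-80)
    return -math.expm1(tries * math.log1p(-p))


def implied_rate(n_chars: int, seconds: float) -> float:
    """Candidates per second implied by one observed prefix search (assumed average)."""
    return expected_tries(n_chars) / seconds


def years_to_match(n_chars: int, rate: float) -> float:
    """Expected years to match n_chars at `rate` candidates per second."""
    return expected_tries(n_chars) / rate / (365.25 * 24 * 3600)


if __name__ == "__main__":
    # Constructed bytes standing in for a DER-encoded key; not a real RSA key.
    print(v2_onion_address(b"constructed-sample-not-a-real-key"))
    rate = implied_rate(9, 3 * 3600)  # assumption: 9 chars took exactly 3 hours
    print(f"implied rate: {rate:.3e} candidates/s")
    for n in (7, 9, 12, 16):
        print(f"{n:2d} chars: {expected_tries(n):.3e} tries, "
              f"{years_to_match(n, rate):.3e} years")
    # Running for the mean number of tries still fails about 37% of the time.
    print(f"P(success after 32^9 tries on 9 chars) = "
          f"{success_probability(9, 32 ** 9):.3f}")
```

Each additional character multiplies the expected work by 32, so at the rate implied by the 9-character run a full 16-character match comes out at roughly 12 million years.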

