This article can often contain rather random Tor .onion links. I\u2019ll show you how to create a custom .onion address for use with Tor hidden services.<\/p>\n
Custom .onion links often help other Tor users find and recognize your site.<\/p>\n
For example, close the Facebook .onion hidden service that allows users to access the Facebook website securely.\u00a0The Facebook .onion link is facebookcorewwwi.onion.<\/p>\n
For a public key hash that is randomly generated, it doesn\u2019t look very random, and many users wonder how they forward the full .onion link.<\/p>\n
The article below explains more about the processes Facebook took to create its custom .onion link.<\/p>\n
Quote from Tor \u201cThe short answer is that for the first half (\u201cFacebook\u201d), which is only 40 bits, they generated keys over and over until they got some keys whose first 40 bits of the hash matched the required string.\u00a0\u201c<\/p>\n
https:\/\/blog.torproject.org\/blog\/facebook-hidden-services-and-https-certs<\/a><\/p>\n https:\/\/en.wikipedia.org\/wiki\/Birthday_attack<\/a><\/p>\n In this article, we will not be creating an .onion link like Facebook\u2019s fancy .onion link because we don\u2019t have that kind of computing power to process the entire address as it would take an immeasurable amount of time.<\/p>\n To create custom .onion links, we can use the open-source tool Shallot.<\/p>\n Shallot allows you to create custom .onion addresses for Tor hidden services.<\/p>\n Individual approach means that part of the address can be selected.<\/p>\n Selecting the entire address will take much longer, as stated above.<\/p>\n # sudo apt-get install libcurl4-openssl-dev<\/p>\n # git clone https:\/\/github.com\/katmagic\/Shallot.git Shallot<\/p>\n # cd Shallot # .\/shallot ^test<\/p>\n \u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014- \u201cIt is sometimes claimed that private keys generated by Shallot are less secure than those generated by Tor.<\/p>\n This is incorrect.\u00a0Although Shallot generates a key pair with an unusually large common exponent e, it performs all the sanity checks specified in PKCS#1 v2.1 (directly in sane_key), and then performs all the sanity checks that Tor does when it generates RSA\u00a0(by calling the OpenSSL RSA_check_key function).<\/p>\n Setting up a Tor hidden service is fairly simple, it requires running a web server on the machine and setting the HiddenServiceDir and HiddenServicePort in the tor configuration file.<\/p>\n Location of torrc: \/etc\/tor\/torrc<\/p>\n # nano \/etc\/tor\/torrc <\/p>\n When Tor starts a hidden service, it generates a new public\/private key pair for the hidden service.<\/p>\n The key pair is then written to the private_key file.<\/p>\n Webmasters are advised to keep this key safe from others to prevent an attacker from gaining access to these keys so that they can impersonate a hidden service and perform various Man-in-the-Middle and Downgrade attacks on the targeted Tor hidden service.<\/p>\n If you replace the RSA private key (including its header and footer) in the private_key file in the HiddenServiceDir specified in your torrc, then when you restart Tor, a hostname file will be created in HiddenServiceDir that contains your new .onion\u00a0address.<\/p>\n The execution time required to create custom .onion links<\/p>\n Tor .onion connection generation time with a given number of initial characters on a 1.5 GHz processor<\/p>\n Generation time (approx.)<\/p>\n 1 less than a second<\/p>\n 2 less than a second<\/p>\n 3 less than a second<\/p>\n 4 \u2013 2 seconds<\/p>\n 5 \u2013 1 minute<\/p>\n 6 \u2013 30 minutes<\/p>\n 7 \u2013 1 day<\/p>\n 8 \u2013 25 days<\/p>\n 9 \u2013 2.5 years<\/p>\n 10 \u2013 40 years<\/p>\n 11 \u2013 640 years<\/p>\n 12 \u2013 10 thousand years<\/p>\n 13 \u2013 160 thousand<\/p>\n 14 \u2013 2.6 million years<\/p>\n Shallot Git Repo<\/strong><\/a><\/p>\nShallot Installation<\/h3>\n
\n# .\/configure && make
\n# .\/shallot <\/p>\nUsage<\/h3>\n
\nFound matching pattern after 99133 tries: testvztz3tfoiofv.onion
\n\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014\u2014-
\n\u2014\u2013BEGIN RSA PRIVATE KEY\u2014\u2013
\nMIICXgIBAAKBgQC3R85m6NQaA1ZjaYqvz1hvFIjbL4RtKdJbG8hlC9xEBkvfr\/BG
\n8Z5vDiUzdbDt8mEBuZUDanx80uGJvbXTgmczX0UlkEOgGiZ8RKpnsbKaf\/EJNrIw
\nT7MSXQmWNcm22nDeViV7fwy+Usyal2RE5cdVCFsPtEbVZqCumlKkEgCyFwIDBAZ7
\nAoGBAJSa2cGuru\/XhzJAEAIwHZbgPDnum9T\/srOYxUKW6afHZeOu5S4Cclwb+xb\/
\npGOtzn71XZfCKMfiVdxB\/f3XTcRrYB2VnBoNToTD7WfH6DksdDf4zunqiEjvxi9K
\nR+tKhxmF7OedrRt8wIhUmFd1E2Q9nbTHI6icdB4kR4QkYKZzAkEA5M6samK7+495
\n6SWpRXiePIs7sHKWuxdCrG7kW5RNJrv2CcGYwK46TPcaXBcRfM4eq9+9PGoKi0IO
\ngSpOZ5vRYQJBAM0QAZYTZ6ApD014x372MX1ZNofuYL\/+XF8ZPZV6Sh4+9MUBuNPb
\nyL7BENDr6pX4Zm6OepvAphhCa4vGno2pHncCQQCQnfhUCHANU4bjtX4EOoI63WDq
\nUwBOeIWxu0YvGt7Z25Dg9CNz\/aX8UZIoj6VyKxLRbR9+K3mNrNgaopW+ZDKzAkEA
\nttgTK1ALe+3v+5H+Ez1SvFPREDFcHihrfD1Ipc5zicY9ixTArgdyZvk+Pi+AMBVV
\nsL2HWvjRLEAgRclvKfkwWwJAFtM+BIGRM5me+fMALuBBEtKnbJ6maflsyucErEb0
\npIIBkovF5oyWO3lSBmtStJIANNkHOg8aXqjcgPKusDN7CQ==
\n\u2014\u2013END RSA PRIVATE KEY\u2014\u2013<\/p>\nAbout the security of generated key pairs<\/h3>\n
Adding a new RSA private key to the Tor hidden service<\/h3>\n