Vanity Whonix v3 onion domain?

How about a vanity Whonix v3 onion?

Apparently it isn’t that hard to create a v3 onion address for something matching the first six characters you’d prefer - with a reasonably powerful PC it might only take 10s of minutes at that length.

Raspberry Pi estimates re: generation using mkp224o (see Tor Onion v3 Vanity Address).

Vanity Characters : Approximate Generation Time
1 : <1 second
2 : <1 second
3 : 1 second
4 : 30 seconds
5 : 16 minutes
6 : 8.5 hours
7 : 11.5 days
8 : 1 year
9 : 32 years
10 : 1,024 years
11 : 32,768 years
12 : 1 million years
13 : 32 million years
14 : 1 billion years
15 : 32 billion years

So you could imagine generating something like:

whonixdebrkhllykiyiztbpg6fokecmzhxvj4buig5qss5m4wasn5yyd.onion

Why?

  1. brand recognition
  2. users/interested observers will have greater confidence in a more recognizable onion i.e. they’ll learn to recognise the first 10 digits or so (thus providing better security as a side effect)
  3. anybody trying in the future to mimic the Whonix v3 onion to X digits will have great difficulty e.g. once they try for 12 digits (?) or more that match, they are (probably) out of luck even with their supercomputers
  4. you can brag to your dev friends :wink:

Two options are still operational (at least):

How long will it take? (my bold)

mkp224o states:

Because of the probabilistic nature of brute force key generation, and variance of hardware it’s going to run on, it’s hard to make promises about how long it’s going to take, especially when most users want just a few keys.
See this issue for very valuable discussion about this.
If your machine is powerful enough, 6 character prefix shouldn’t take more than few tens of minutes, if using batch mode (read OPTIMISATION.txt) 7 characters can take hours to days.
No promises though, it depends on pure luck.

You might enjoy playing with this? Not many have bothered with v3 vanity onions, so you could be a bit of a trendsetter in that regard.

2 Likes

Sounds doable :laughing:

Disadvantages:

  • We shouldn’t teach users to trust any onion domains from their name. An imposter could create another vanity domain that also starts with the whonix string.
  • Potential security issues (impersonating of vanity URL). The vanity URL is generated by a tool other than the official tool to do so (which is Tor). Entropy/security of the key could be lower. Cryptography is hard. This might be false but it would require research to find out. Any statements on that subject by Tor Project?
    • A trustworthy way to implement such a generator would use Tor itself to create zillions of onion keys, see what onion hostnames these would produce, discard uninteresting ones. Keep interesting ones. Everything else I suppose will always have a residual lingering amount of doubt attached. I.e. a tool that is just automating using Tor to generate onion keys.
  • Most characters of onion domain are still random.
  • System administration effort of redirecting the current non-vanity onion v3 to hypothetical new onion v3 domain.

Yeah - good points. Not worth worrying about.

(Although one of those former Tor Project developers - Yawning Angel? - used to have a relevant tool up on GitHub, so it can’t be that risky in practice.)

1 Like
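The point raised in the thread about not trusting an onion by its leading characters, as an added example that is not part of the original posts: a v3 onion label encodes the full ed25519 public key plus a checksum and version byte (the address format from Tor's v3 onion service specification), so a client-side check should validate the checksum and compare the whole key against a pinned address. The keys below are constructed byte strings, not real service keys, and the function names are hypothetical.

```python
import base64
import hashlib

VERSION = b"\x03"  # v3 onion services

def _checksum(pubkey: bytes) -> bytes:
    # First two bytes of SHA3-256(".onion checksum" || pubkey || version)
    return hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]

def onion_from_pubkey(pubkey: bytes) -> str:
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = pubkey + _checksum(pubkey) + VERSION  # 35 bytes -> 56 base32 chars
    return base64.b32encode(raw).decode().lower() + ".onion"

def pubkey_from_onion(address: str) -> bytes:
    """Return the embedded public key, or raise ValueError if malformed."""
    label = address.lower()
    if label.endswith(".onion"):
        label = label[: -len(".onion")]
    if len(label) != 56:
        raise ValueError("v3 onion label must be 56 base32 characters")
    raw = base64.b32decode(label.upper())  # binascii.Error is a ValueError
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != VERSION or checksum != _checksum(pubkey):
        raise ValueError("bad version byte or checksum")
    return pubkey

def is_pinned(candidate: str, pinned: str) -> bool:
    """Compare the entire key; a matching vanity prefix proves nothing."""
    try:
        return pubkey_from_onion(candidate) == pubkey_from_onion(pinned)
    except ValueError:
        return False

def expected_attempts(prefix_len: int) -> int:
    # Each base32 character is 5 bits, hence the x32 step per row in the table.
    return 32 ** prefix_len

# Constructed sample keys: both share their first 4 bytes, so the two
# addresses share a 6-character prefix while being different services.
PINNED_KEY = hashlib.sha256(b"constructed pinned key").digest()
LOOKALIKE_KEY = PINNED_KEY[:4] + hashlib.sha256(b"constructed other key").digest()[4:]
PINNED = onion_from_pubkey(PINNED_KEY)
LOOKALIKE = onion_from_pubkey(LOOKALIKE_KEY)

if __name__ == "__main__":
    print(PINNED, LOOKALIKE, sep="\n")
    print("same 6-char prefix:", PINNED[:6] == LOOKALIKE[:6])
    print("accepted as pinned:", is_pinned(LOOKALIKE, PINNED))
    print("expected keys for 6 chars:", expected_attempts(6))
```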