mirror
/
Enterprise-Onion-Toolkit
kopia lustrzana https://github.com/alecmuffett/eotk
1
0
Forkuj 0
Kod Zgłoszenia Projekty Wydania Wiki Aktywność

commit: updated.

pull/95/head
Alec Muffett 2021-05-18 12:58:45 +01:00
rodzic 8344ee81c1
commit 9448247091
1 zmienionych plików z 76 dodań i 39 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

115
docs.d/TIPS-FOR-MINING-ONIONS.md
Wyświetl plik

@ -1,59 +1,73 @@
# Tips when mining Onion Addresses
## for v2 and v3 onion addresses; updated 26 jun 2019
## For v3 onion addresses; updated 18 May 2021
* Copied from:
https://medium.com/@alecmuffett/tips-when-mining-onion-addresses-8eece14cbd95
Hello from Alec - and congratulations! You are setting up an Onion
site! And you want a vanity onion address! There is lots of software
out there that you can use to generate them!
Congratulations! You are setting up an Onion site! And you want a
vanity onion address! There is lots of software out there that you can
use to generate them!
## What do I use?
I'm not going to make strong software recommendations, because it's a
matter of what you have at your disposal already, and what fits the
hardware that you have access to.
Some people mine onion addresses on local hardware for privacy and
safety, whilst others are happy to rent a GPU-based compute-heavy
instance from AWS, or similar.
* for v2: Onions: `Scallion` (C# or Mono, GPU accelerated), `Shallot`,
or `Eschalot`; go for the latest versions of each.
I'm not going to make terribly strong software recommendations,
because it's a matter of what you have at your disposal already,
and what fits the hardware that you have access to.
* for v3 Onions: I have no idea of the standout tools, please check
back and/or suggest something in the comments
In my case I have a small cluster of Raspberry Pi, and I use
[`mkp224o`](https://github.com/cathugger/mkp224o) for mining with them.
I compiled the code manually, using
[the instructions](https://github.com/cathugger/mkp224o/blob/master/README.md)
and
[the tuning instructions](https://github.com/cathugger/mkp224o/blob/master/OPTIMISATION.txt)
to build something suitable for me.
Some people mine onion addresses on local hardware for safety, others
are happy to rent a GPU-based compute-heavy instance from AWS, or
similar.
If you are looking for a really meaningful, long-prefix onion address
up front, you will have to expend a lot of money and CPU-time in order
to find one. This is why the next section is really important in
order to get the most "bang for your buck".
## How do I best approach this challenge?
If you're setting up multiple onions for your site -- eg: if there is
one/more CDNs associated with your site, it is nice to set up vanity
onions for them, too; partly for "cute" but also to stop yourself
going crazy during debugging.
For instance, the NYT onion is https://www.nytimes3xbfgragh.onion/ and
their CDN Onion is https://graylady3jvrrxbe.onion/
For instance, the (defunct, V2) NYT
onion was https://www.nytimes3xbfgragh.onion/ and their CDN
onion was https://graylady3jvrrxbe.onion/
Similarly there exist https://www.facebookcorewwwi.onion/ and
https://fbcdn23dssr3jqnq.onion/
Similarly there were
https://www.facebookcorewwwi.onion/ and
https://fbcdn23dssr3jqnq.onion/ for Facebook.
* Perhaps use your CDN Onion to reflect your own history and
site/brand culture?
Ask yourself now: perhaps use your CDN Onion to reflect your own
history and site/brand culture? Perhaps you can mine several onion
addresses at the same time, even speculatively?
Onion mining is a matter of luck and resource, and
(counterintuitively?) the rarest resource that you have, is time, as
measured by your wall clock.
Onion mining is a matter of luck and expensive resource, and
(counterintuitively?) the rarest resource that you have, is time
as-measured by your wall clock.
Therefore, if you are mining onions for a lot of sites, the best
strategy is follows:
* Have breakfast and some tea or coffee. Try to get into a creative
mood.
mood. You are making an investment of time *now* to save yourself
time and effort, later.
* Sit down, open a document, and try to think inclusively of every
possible prefix that you might ever find acceptable at the start (or
finish) of your onion addresses, for all of your sites, and write
them all down. You may create 10, 20, or more. No ideas are bad
ideas. Deduplicate them (eg: it's pointless to look especially for
`nytimes` if you are already happy to have anything beginning with
`nyt`)
* Sit down, open a document, and try to think inclusively of EVERY
POSSIBLE PREFIX THAT YOU MIGHT EVER FIND ACCEPTABLE at the start (or
suffix, at the end) of your onion addresses, for all of your sites
and CDNs, and write them all down. You may create 10, 20, or
more. No ideas are bad ideas. Deduplicate them (e.g.: it's pointless
to look for `nytimes` if you're already looking for anything
beginning with `nyt`). Each additional prefix is nearly zero-cost,
compared to the days, weeks, or months of time that your computers
will spend in grinding their way through cryptography.
* Configure your software to search for all of these, for all of your
sites, simultaneously. Set it running. Make sure to configure
@ -73,9 +87,9 @@ strategy is follows:
dealing with randomness here, and raw entropy is more creative than
you'd ever imagine.
* There is also a vast amount of noise -- huge, enormous quantities
of gibberish -- but that's okay, because `storage+grep` is cheaper
than `encryption+wallclocktime`.
* There is also a vast amount of noise -- huge, enormous quantities of
gibberish -- but that's okay, because (again) `storage+grep` is
mucg cheaper than `encryption+wallclocktime`.
* When we mined the Facebook onion address, the search-patterns were
`^(facebook|fbcdn|fbsbx|...)` and a few others all in a single
@ -103,6 +117,29 @@ strategy is follows:
Best of luck to you. :-)
## Converting your V3 onion addresses for EOTK
Tools like `mkp224o` save the keys they generate as three separate
files: `hs_ed25519_public_key`, `hs_ed25519_secret_key`, and
`hostname`; this is elegant but hard to manipulate, so EOTK creates
its own standard for storing v3 onion addresses in the `secrets.d`
folder.
If you are in a directory which contains the above-named three files,
you can run a helper shellscript by using a command, something like:
```
~/eotk/lib.d/rename-v3-keys-for-eotk-secrets.sh
```
...which will safely create TWO files:
* `someverylongonionaddressinvolvingalotofbase32characterss.v3pub.key`
* `someverylongonionaddressinvolvingalotofbase32characterss.v3sec.key`
...that can be moved into your `~/eotk/secrets.d/` folder, for EOTK to
use when you run `eotk config ...`
## War Stories and Problems When Mining Onions
A long time ago I mined a bunch of test onion addresses for the New
@ -131,9 +168,9 @@ rather than actual, `hostname` file during install; so it might not
reflect reality if your V2 onion keys are thusly afflicted - for
instance if your Onion site is 100% unreachable.
The way to test a **V2 Onion** address for this syndrome is to `cd`
into `projects.d/.../foofoofoofoofoo.d/` and then **remove** the
`hostname` file in that directory.
The way to test a **V2 Onion** address for this syndrome is to
`cd` into `projects.d/.../foofoofoofoofoo.d/` and then **remove**
the `hostname` file in that directory.
Then do: