Shallot
=======
About
-----
Shallot allows you to create customized .onion addresses for
link:https://www.torproject.org/[Tor's]
link:https://www.torproject.org/docs/hidden-services[hidden services].
(By customized, it is meant that part of the address can be selected. Choosing
an entire address would take far longer than the universe is believed to have
been in existence.)
Installation
------------
$ ./configure && make
$ ./shallot
Usage
-----
$ ./shallot ^test
----------------------------------------------------------------
Found matching pattern after 99133 tries: testvztz3tfoiofv.onion
----------------------------------------------------------------
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQC3R85m6NQaA1ZjaYqvz1hvFIjbL4RtKdJbG8hlC9xEBkvfr/BG
8Z5vDiUzdbDt8mEBuZUDanx80uGJvbXTgmczX0UlkEOgGiZ8RKpnsbKaf/EJNrIw
T7MSXQmWNcm22nDeViV7fwy+Usyal2RE5cdVCFsPtEbVZqCumlKkEgCyFwIDBAZ7
AoGBAJSa2cGuru/XhzJAEAIwHZbgPDnum9T/srOYxUKW6afHZeOu5S4Cclwb+xb/
pGOtzn71XZfCKMfiVdxB/f3XTcRrYB2VnBoNToTD7WfH6DksdDf4zunqiEjvxi9K
R+tKhxmF7OedrRt8wIhUmFd1E2Q9nbTHI6icdB4kR4QkYKZzAkEA5M6samK7+495
6SWpRXiePIs7sHKWuxdCrG7kW5RNJrv2CcGYwK46TPcaXBcRfM4eq9+9PGoKi0IO
gSpOZ5vRYQJBAM0QAZYTZ6ApD014x372MX1ZNofuYL/+XF8ZPZV6Sh4+9MUBuNPb
yL7BENDr6pX4Zm6OepvAphhCa4vGno2pHncCQQCQnfhUCHANU4bjtX4EOoI63WDq
UwBOeIWxu0YvGt7Z25Dg9CNz/aX8UZIoj6VyKxLRbR9+K3mNrNgaopW+ZDKzAkEA
ttgTK1ALe+3v+5H+Ez1SvFPREDFcHihrfD1Ipc5zicY9ixTArgdyZvk+Pi+AMBVV
sL2HWvjRLEAgRclvKfkwWwJAFtM+BIGRM5me+fMALuBBEtKnbJ6maflsyucErEb0
pIIBkovF5oyWO3lSBmtStJIANNkHOg8aXqjcgPKusDN7CQ==
-----END RSA PRIVATE KEY-----
If you place the RSA private key (including its header and footer) in a file
called `private_key` in the `HiddenServiceDir` you specified in your torrc, (If
you don't know what that means,
link:https://www.torproject.org/docs/tor-manual[read the Tor man page]. If you
*still* don't understand, Shallot probably isn't for you.) then when you restart
your Tor, a `hostname` file will be created in `HiddenServiceDir` that contains
your shiny new .onion address.
On the Security of Generated Keypairs
-------------------------------------
It is sometimes claimed that private keys generated by Shallot are less secure
than those generated by Tor. This is false. Although Shallot generates a
keypair with an unusually large public exponent e, it performs all of the
sanity checks specified by PKCS #1 v2.1 (directly in sane_key), and then
performs all of the sanity checks that Tor does when it generates an RSA
keypair (by calling the OpenSSL function RSA_check_key).
Performance
-----------
.Time to Generate a .onion with a Given Number of Initial Characters on a 1.5Ghz Processor
[align="right",float="left",width="30%"]
|=======================================
|characters | time to generate (approx.)
| 1 | less than 1 second
| 2 | less than 1 second
| 3 | less than 1 second
| 4 | 2 seconds
| 5 | 1 minute
| 6 | 30 minutes
| 7 | 1 day
| 8 | 25 days
| 9 | 2.5 years
| 10 | 40 years
| 11 | 640 years
| 12 | 10 millenia
| 13 | 160 millenia
| 14 | 2.6 million years
|=======================================
A History of Shallot
--------------------
Shallot has a long history in Onion Land. In its original incarnation, Shallot
was originally written by a mysterious Onion Lander called Bebop, who created
its predecessor, onionhash-0.0.1, at some unknown time in the distant past. That
quickly(?) evolved into onionhash 0.0.2 and 0.0.3, until Bebop and
link:http://torlandypjxiligx.onion/[Bebop's New Home in Onionspace] mysteriously
vanished. At this point, it was picked up by `Orum, who gave Shallot its
current name, and went through three versions until `Orum's site,
link:http://hangman5naigg7rr.onion/[hangman - hidden (in plain) site], went
down. I (katmagic) got Shallot's sources from
link:http://taswebqlseworuhc.onion/[Tas's site] and put them into a Git
repository. I made a few modifications, wrote a new README, and put the whole
thing up on GitHub for all to see.
