Onion Sites
I am probably somewhat obsessed with having my websites accessible over a .onion domain, perhaps because I like vanity names (I’ll explain this later).
A while ago, I introduced dmojsites2fpbeve.onion for DMOJ. And today, I introduce quantum2l7xnxwtb.onion for this website.
These .onion websites are accessible over Tor, and traffic to them never leaves the Tor network when they are accessed this way. Despite not having HTTPS (which is basically unattainable due to the lack of any certificate authority willing to issue free certificates for .onion), the encryption is end-to-end: only your computer and the server at my end can see the actual traffic in plaintext. For those familiar with the Tor network, there is no exit node which can watch your traffic in this setup.
To preview these websites, you can use tor2web.org. In practice, you simply have to append .link after any .onion domain, and tor2web will take care of the rest. For example, quantum2l7xnxwtb.onion can be accessed as quantum2l7xnxwtb.onion.link. Note that you lose pretty much all the benefits of Tor this way.
.onion domain names are composed of 16 “random” alphanumeric characters (more precisely, matching ^[a-z2-7]{16}\.onion$). These are derived from the public key of the onion site. Now, you may have noticed that the DMOJ and Quantum onion sites have a nice, identifiable prefix. This is called a vanity name. To generate these, we perform the equivalent of generating keys until we happen to get the desired prefix. This process is not too fast, as you can probably imagine.
However, there is this nice program called Scallion that can harness the full power of your GPU to generate keys, compute the resulting onion domain name, and check for desirable matches. It took about 30 seconds to generate a vanity starting with quantum. This is rather impressive, since it takes around a day with older CPU-based programs, such as Shallot. CPU-based programs may be quite a bit faster on today’s hardware, but they’re still nowhere near as fast as a GPU.
Of course, with better hardware comes the ability to create better vanity names. For example, Facebook introduced their site over Tor with the vanity name facebookcorewwwi.onion. I may be able to get something similar if I wished to pay for the hardware and have the spare time, but I don’t. For the security-minded, Facebook did not actually manage to generate an exact 16-character match, as that would mean anyone could duplicate any .onion site, breaking their security. They generated a massive list which contained, by chance, that domain name, and introduced a fancy backronym for it: “Facebook Core WWW Infrastructure”.
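The derivation and the cost of a vanity prefix described above, as an added example (not code from this post, Scallion or Shallot): a 16-character address is the base32 encoding of the first 80 bits of the SHA-1 hash of the DER-encoded RSA public key, so each extra prefix character multiplies the expected work by 32 and a full 16-character match costs about 2^80 keys. DEMO_N is a constructed stand-in for a modulus, not a real RSA key, and stepping the public exponent to produce candidate keys is an assumption of this example.

```python
import base64
import hashlib
import re

ONION_RE = re.compile(r"^[a-z2-7]{16}\.onion$")  # pattern quoted in the post

def der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def der_int(v):
    """DER INTEGER for a non-negative value (leading 0x00 if the top bit is set)."""
    raw = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(raw)) + raw

def rsa_public_key_der(n, e):
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus, publicExponent }."""
    body = der_int(n) + der_int(e)
    return b"\x30" + der_len(len(body)) + body

def onion_v2_address(der):
    """First 80 bits of SHA-1(DER public key), base32-encoded: 16 characters."""
    digest = hashlib.sha1(der).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower() + ".onion"

def expected_attempts(prefix):
    """Each character carries 5 bits, so a k-character prefix needs ~32**k keys."""
    return 32 ** len(prefix)

# Constructed stand-in for a 1024-bit modulus; NOT a real RSA key.
DEMO_N = (1 << 1023) | int.from_bytes(hashlib.sha256(b"demo").digest() * 4, "big") | 1

def vanity_search(prefix, n=DEMO_N, max_tries=500_000):
    """Step through odd public exponents until the address starts with prefix."""
    for i in range(max_tries):
        addr = onion_v2_address(rsa_public_key_der(n, 65537 + 2 * i))
        if addr.startswith(prefix):
            return addr, i + 1
    return None, max_tries

if __name__ == "__main__":
    print(vanity_search("qu"))  # two characters: about 1,024 candidates expected
    for p in ("quantum", "facebook", "facebookcorewwwi"):
        print(f"{p}: ~{expected_attempts(p):.2e} candidate keys")
```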
In conclusion, while this is probably overkill, and few people if any will ever use the .onion sites for DMOJ or my blog, it still is rather fun to harness the power of my GPU to generate these (somewhat) nice vanity names quickly. Perhaps you too can create your own vanity onion site!