onionhash has forked into shallot.

[shallot/rransom.git] / README

---------------------------------------------------------------------
                            shallot 0.0.1
---------------------------------------------------------------------


CONTENT
~~~~~~~
./
CHANGELOG   - lists the latest improvements/fixes
LICENSE     - for those who believe in copyright
configure   - configures shallot for your system
Makefile    - builds the binary (on most systems)
README      - the file you are reading right now

./src/
shallot.c   - computes customized hashes and keys
config.h    - holds the current configure output


HISTORY
~~~~~~~
This program is based on Bebop's program, onionhash-0.0.2.  Since
Bebop has mysteriously disappeared (along with his hidden service
site), I decided to branch the source and improve upon it further
(see CHANGELOG).  However, I owe much of the  credit to Bebop for
the original onionhash, as shallot would not exist without it.


INSTALL
~~~~~~~
* You need to have a recent version of OpenSSL installed.
* Type "make" and pray. (configure script coming soon?)
* Run the program, get some runts. Come back next month.


ABOUT
~~~~~
This program allows you to create customized SHA1 hashes for Tor
hidden services. It's based on THC's Fuzzy Fingerprint technique
(paper available at http://thc.org/papers/ffp.pdf). "Customized"
means, you can choose parts of the hash to match certain regular
expression patterns.

>> example: create private key for test*.onion:

$ ./shallot
Usage: shallot pattern
base32 alphabet allows letters [a-z] and digits [2-7]
pattern can be a POSIX-style regular expression, e.g.
  xxx           must contain 'xxx'
  bar$          must end with 'bar'
  ^foo          must begin with 'foo'
  b[a4]r        may contain leetspeech ;)
  ^ab|^cd       must begin with 'ab' or 'cd'
  [a-z]{16}     must contain letters only, no digits
  ^dusk.*dawn$  must begin with 'dusk' and end with 'dawn'

$ ./shallot ^test
----------------------------------------------------------------
Found matching pattern after 99133 tries: testvztz3tfoiofv.onion
----------------------------------------------------------------
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQC3R85m6NQaA1ZjaYqvz1hvFIjbL4RtKdJbG8hlC9xEBkvfr/BG
8Z5vDiUzdbDt8mEBuZUDanx80uGJvbXTgmczX0UlkEOgGiZ8RKpnsbKaf/EJNrIw
T7MSXQmWNcm22nDeViV7fwy+Usyal2RE5cdVCFsPtEbVZqCumlKkEgCyFwIDBAZ7
AoGBAJSa2cGuru/XhzJAEAIwHZbgPDnum9T/srOYxUKW6afHZeOu5S4Cclwb+xb/
pGOtzn71XZfCKMfiVdxB/f3XTcRrYB2VnBoNToTD7WfH6DksdDf4zunqiEjvxi9K
R+tKhxmF7OedrRt8wIhUmFd1E2Q9nbTHI6icdB4kR4QkYKZzAkEA5M6samK7+495
6SWpRXiePIs7sHKWuxdCrG7kW5RNJrv2CcGYwK46TPcaXBcRfM4eq9+9PGoKi0IO
gSpOZ5vRYQJBAM0QAZYTZ6ApD014x372MX1ZNofuYL/+XF8ZPZV6Sh4+9MUBuNPb
yL7BENDr6pX4Zm6OepvAphhCa4vGno2pHncCQQCQnfhUCHANU4bjtX4EOoI63WDq
UwBOeIWxu0YvGt7Z25Dg9CNz/aX8UZIoj6VyKxLRbR9+K3mNrNgaopW+ZDKzAkEA
ttgTK1ALe+3v+5H+Ez1SvFPREDFcHihrfD1Ipc5zicY9ixTArgdyZvk+Pi+AMBVV
sL2HWvjRLEAgRclvKfkwWwJAFtM+BIGRM5me+fMALuBBEtKnbJ6maflsyucErEb0
pIIBkovF5oyWO3lSBmtStJIANNkHOg8aXqjcgPKusDN7CQ==
-----END RSA PRIVATE KEY-----

The generated key can now be saved as file 'private_key' in your
HiddenServiceDir. Afterwards reload Tor (e.g. by sending SIGHUP)
and you should be reachable as testvztz3tfoiofv.onion.


SECURITY
~~~~~~~~
Shallot generates a lot of keys in a non-standard fashion, by varying
e. While some may  debate that this leads to weaker  keys, all sanity
checks found in  PKCS#1 v2.1 are strictly followed,  so I don't worry
too much. Please feel free to disagree with me.


PERFORMANCE
~~~~~~~~~~~
First of all, you cannot create any hash you want (in adequate time).
If you could easily find collisions on the first half (80 bit) of the
SHA1 hash, Torland would be in serious trouble.

The speed of the worker() loop can be divided in:
+----------------------------------------+
| function(s)          | CPU consumption |
|----------------------+-----------------|
| compute next RSA key |            4.6% |
|   PEM-encode RSA key |           59.4% |
|    compute SHA1 hash |           30.6% |
|   BASE32-encode hash |            2.7% |
|   compare with regex |            2.7% |
+----------------------------------------+

On a 1.8GHz x86-machine, Bebop got about 250k hashes per second,
but on my 1.8GHz x86-machine, I  only get about 220k hashes/sec.
+---------------------------------------------+
| chars | ~number of tries | ~time @ 250 KH/s |
|-------+------------------+------------------|
|     1 |      32^1  =  32 |           <1 sec |
|     2 |      32^2  =  1k |           <1 sec |
|     3 |      32^3  = 32k |           <1 sec |
|     4 |      32^4  =  1m |            4 sec |
|     5 |      32^5  = 32m |            2 min |
|     6 |      32^6  =  1g |           1 hour |
|     7 |      32^7  = 32g |           2 days |
|     8 |      23^8  =  1t |          50 days |
|     9 |      32^9  = 32t |          5 years |
|    16 |      32^16 =  1y |         too long |
+---------------------------------------------+
Note: you can speed it up if you're only interested in a certain
      string to appear somewhere, instead of at a fixed position
      like the beginning of the hash. Also you could make use of
      'leetspeech', therefore allowing both, e.g. [3e] or [7t]


BUGS
~~~~
Let me know!  If there are any, it's probably in the Linux port.


TODO
~~~~
* use something faster than OpenSSL's i2d_RSAPublicKey() for PEM-encoding
* lots and lots of command line options (flags) so you can fine tune
* support hardware acceleration (e.g. VIA Padlock's hardware SHA-1)
* make sure the requested hash contains base32 chars (2-7, a-z) only
* make sure the requested hash is valid (not longer that 16 chars)