"Vanity" onion addresses are a partial workaround for the difficulty of memorizing the 56-character-long onion addresses.

A vanity address is an onion address that starts with a pre-chosen number of characters, usually a meaningful name related to a specific Onion Service.

For instance, one might try to generate an onion address for the mysitename website and end up with something looking like this:

mysitenameyx4fi3l6x2gyzmtmgxjyqyorj9qsb5r543izcwymle.onion

This has some advantages:

  • It is easy for Onion Services users to know which site they are about to access.

  • It has some branding appeal to site owners.

  • It is easy for Onion Services operators to debug their logs and know which services have errors without recurring to a table or to memorize some random characters from a regular onion address.

But it also has some disadvantages:

  • An attacker wishing to impersonate an existing onionsite by creating a fake version of it might use vanity addresses as an additional way to convince users that their address is the right one. If the legitimate site does not use a vanity address, users might think that the fake site is the valid one because it has a nicer address.

  • It is relatively easy for anybody with average computing resources to create other keys beginning with mysitename (although they are very unlikely to come up with the exact key from the example above). So, in a sense, vanity keys might be confusing and offer a false sense of identity; users can easily be mistaken into accessing an impersonating onion service just because it starts with mysitename.

  • It consumes resources (time and energy): the bigger the vanity name, the longer (and more computing power) it takes.

The long-term solution involves a better onion naming scheme, and vanity addresses would remain only as a way to help system administrators group onion addresses. For example, when running many Onionbalance backends.

Vanity address generation

mkp224o is one of the tools that can be used to generate vanity addresses.

Step 1. Install the requirements

Step 2. Follow the build instructions

Step 3. Run the generator

$ ./mkp224o -d onions mysitename

This will create the onions directory and others needed for each of the discovered onion addresses with their respective keys. To know what else the tool can do, refer to its help by executing the following command:

$ ./mkp224o -h

Additionally, if you are looking for a more advanced tool, see Onionmine, a handy wrapper for mkp224o that can also handle TLS certificate generation for Onion Services.

Read more