blueprint-freespeech / ricochet-refresh

Anonymous peer-to-peer instant messaging
https://www.ricochetrefresh.net

vanity ricochet address #177

Closed milahu closed 8 months ago

milahu commented 10 months ago

i want to generate a pretty ricochet address with a certain prefix

to generate a vanity onion address, i use mkp224o

mkp224o-amd64-64-24k -t 1 mila

for every result, mkp224o generates a folder with 3 files:

$ cat hostname
milakaa6igpiyce6ajf3zbdyqsk7r3nh7m6qk4wwxfysm5atmnnv6dqd.onion

$ hexdump -C hs_ed25519_secret_key
00000000  3d 3d 20 65 64 32 35 35  31 39 76 31 2d 73 65 63  |== ed25519v1-sec|
00000010  72 65 74 3a 20 74 79 70  65 30 20 3d 3d 00 00 00  |ret: type0 ==...|
00000020  40 48 14 01 01 87 f8 9e  9d 01 9f 5a 30 67 38 d7  |@H.........Z0g8.|
00000030  95 4c 81 8f 82 7e 14 a2  cf 1d 90 21 0d 97 55 70  |.L...~.....!..Up|
00000040  ff 11 51 35 9f 7b 8d 9a  86 aa 1a 07 36 64 10 03  |..Q5.{......6d..|
00000050  29 70 4c 73 d8 0c ce f6  8e f9 3d 1f 98 f1 08 7b  |)pLs......=....{|
00000060

$ hexdump -C hs_ed25519_public_key
00000000  3d 3d 20 65 64 32 35 35  31 39 76 31 2d 70 75 62  |== ed25519v1-pub|
00000010  6c 69 63 3a 20 74 79 70  65 30 20 3d 3d 00 00 00  |lic: type0 ==...|
00000020  62 16 05 00 1e 41 9e 8c  08 9e 02 4b bc 84 78 84  |b....A.....K..x.|
00000030  95 f8 ed a7 fb 3d 05 72  d6 b9 71 26 74 13 63 5b  |.....=.r..q&t.c[|
00000040

import the private key into ricochet:

#! /usr/bin/env bash

# import a private key generated by mkp224o into ricochet

set -e
set -x

c=$HOME/.config/ricochet-refresh/ricochet.json

# check dependencies
command -v jq
command -v sponge
command -v base64

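# check files
stat hs_ed25519_secret_key
stat "$c"

# make backup (the backup still contains the old private key)
cp -v "$c" "$c.bak.$(date +%s)"

# quiet: stop tracing before the key material is handled
set +x

echo "patching $c"

# skip the 32-byte file header, base64 the 64-byte secret key that follows
# note: --arg puts the key on jq's command line for the duration of the call
jq --indent 4 \
  --arg p "$(tail -c +33 hs_ed25519_secret_key | base64 -w0)" \
  '.identity.privateKey = "ED25519-V3:\($p)"' "$c" |
sponge "$c"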

now my ricochet address is ricochet:milakaa6igpiyce6ajf3zbdyqsk7r3nh7m6qk4wwxfysm5atmnnv6dqd

(obviously that is not my ricochet address, because the private key is public now...)

related: https://github.com/ricochet-im/ricochet/issues/435
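A check worth running before importing a key this way, as an added example that is not part of the original post or of ricochet-refresh: derive the v3 service id from the bytes of `hs_ed25519_public_key` and compare all 56 characters with `hostname`. The function names are hypothetical; the public key and hostname are the ones shown in the post above.

```python
import base64
import hashlib

# File headers as they appear in the hexdumps above (29 ASCII bytes + 3 NULs).
PUB_HEADER = b"== ed25519v1-public: type0 ==\x00\x00\x00"
# For hs_ed25519_secret_key use key_body(blob, SEC_HEADER, 64).
SEC_HEADER = b"== ed25519v1-secret: type0 ==\x00\x00\x00"
VERSION = b"\x03"  # onion service version 3


def key_body(blob: bytes, header: bytes, size: int) -> bytes:
    """Strip the 32-byte header and insist on the exact key length."""
    if not blob.startswith(header) or len(blob) != len(header) + size:
        raise ValueError("not a tor ed25519 key file of the expected size")
    return blob[len(header):]


def service_id(pubkey: bytes) -> str:
    """base32(pubkey || checksum || version), the v3 onion address format."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + VERSION).digest()[:2]
    return base64.b32encode(pubkey + checksum + VERSION).decode().lower()


def pubkey_from_address(address: str) -> bytes:
    """Decode a ricochet:/.onion address and verify all 56 characters."""
    sid = address.strip().lower()
    if sid.startswith("ricochet:"):
        sid = sid[len("ricochet:"):]
    if sid.endswith(".onion"):
        sid = sid[:-len(".onion")]
    if len(sid) != 56:
        raise ValueError("v3 service id must be 56 characters")
    raw = base64.b32decode(sid.upper())  # raises ValueError on bad characters
    if raw[34:] != VERSION or service_id(raw[:32]) != sid:
        raise ValueError("checksum or version mismatch")
    return raw[:32]


# Public key bytes and hostname copied from the hexdump and `cat hostname` above.
PAGE_PUBKEY = bytes.fromhex(
    "621605001e419e8c089e024bbc847884" "95f8eda7fb3d0572d6b971267413635b")
PAGE_HOSTNAME = "milakaa6igpiyce6ajf3zbdyqsk7r3nh7m6qk4wwxfysm5atmnnv6dqd.onion"

if __name__ == "__main__":
    pub = key_body(PUB_HEADER + PAGE_PUBKEY, PUB_HEADER, 32)
    print("derived :", service_id(pub))
    print("matches :", pubkey_from_address(PAGE_HOSTNAME) == pub)
```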

pospeselr commented 8 months ago

Such a thing is possible and I'd be happy to review patches for the UX to do so.

Just spitballing, I would imagine one way to do this is on first launch with a new profile, have some UX for the user to either generate a new random identity (which happens transparently now) or to generate an ed25519 private key whose v3 onion service id matches some pattern. We would need to provide user feedback for the expected amount of time it would take to find a vanity address with the requested properties.

elandorr commented 8 months ago

A waste of energy, to be honest. I've played with this too much to admit.

If you bundle a pre-built default binary you can forget performance.

A custom-built and optimized (benchmark all variations, there are huge differences) mkp224o is the fastest option last time I checked (the GPU ones are much slower, only PoCs). It still takes far too long for anything beyond a couple characters. And that's the whole point, it's supposed to take long. It's something you would accept for a public "darknet" site that is intended to last for a long time, where adversaries actively try to scam users with similar links and you'd like to make it harder for them.

Last time I checked, there was no way to trustlessly bruteforce it elsewhere, either. So you're limited by the CPU you have yourself, which is ultra inefficient. An adversary doesn't need to care about that, he can just rent some monster on AWS etc. and trump you. Not to mention governments have unlimited budgets you'll never match. They can use entire DCs, if needed.

mkp224o is very steady, you could estimate how long it will take on average once you optimized the build and have numbers. But statistics are a bitch, the average is misleading. To really give a typical user something he can feel, you'd have to calculate the 99% chance, and that severely limits length. And it could still be in the 1%. Humans are very bad at visualizing chance, gambler's fallacy and all.

In practice, a more practical approach is needed. We got lucky a few times with just a few minutes, whereas other times even killing cycles for 6 months yielded nothing. Better than looking for specific strings is looking for memorable patterns. Something stupid but distinct and long (edge of what even someone with $ can reach) can be theoretically useful.

Sooner or later someone will likely make a fast GPU one for v3, which means you'd end up having to buy a ridiculously expensive GPU setup even just to keep up the theater. And an adversary will still rent some mega-cluster and beat you. Besides, will you make everyone update your id?

Ergo, even for "legit" use cases like a public "darknet" site, it's difficult to reach any level that's useful against an attacker, and a random one you picked from the stream and turned into a mnemonic is likely better.

By now you understand there's a logical problem with all of this:

Every viable length (especially with the first launch idea) will be useless, because adversaries can generate the same equally fast. It wouldn't improve security as intended in any case. It would really only be a true vanity gimmick, wasted CPU, so you have a few letters that nobody ever looks at.

Why destroy nature for a string nobody cares about and no security benefits?

And, if it's just a handful of chars due to aforementioned reasons, it's pointless and totally out-of-scope for ricochet. Someone who really wants a vanity thing after all that can copy paste himself.
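The average-versus-99% point in the comment above, worked through as an added example that is not part of the thread or of mkp224o: a prefix search is a geometric process, so the attempts needed for a given confidence follow from the per-key match probability. The two key rates are constructed assumptions, not measurements.

```python
import math

ALPHABET = 32      # a v3 onion address is base32: 32 possibilities per character
QUANTILES = (0.50, 0.99)


def mean_attempts(prefix_len: int) -> int:
    """Average number of keys generated before one has the wanted prefix."""
    return ALPHABET ** prefix_len


def attempts_for(prefix_len: int, confidence: float) -> int:
    """Smallest k with P(at least one match in k keys) >= confidence."""
    p = 1.0 / mean_attempts(prefix_len)
    # Geometric distribution: 1 - (1 - p)**k >= confidence.
    # log1p keeps precision when p is very small.
    return math.ceil(math.log1p(-confidence) / math.log1p(-p))


def human(seconds: float) -> str:
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


def estimate(prefix_len: int, keys_per_second: float) -> dict:
    """Seconds of search at a given rate: the mean, and each quantile."""
    out = {"mean": mean_attempts(prefix_len) / keys_per_second}
    for q in QUANTILES:
        out[q] = attempts_for(prefix_len, q) / keys_per_second
    return out


# Constructed rates, not measurements: one desktop vs. rented hardware 1000x faster.
USER_RATE = 2e6
ADVERSARY_RATE = USER_RATE * 1000

if __name__ == "__main__":
    for n in range(4, 10):
        u, a = estimate(n, USER_RATE), estimate(n, ADVERSARY_RATE)
        print(f"{n} chars: user mean {human(u['mean'])}, 99% {human(u[0.99])}"
              f" | adversary 99% {human(a[0.99])}")
```

The 99% figure is about 4.6 times the mean at every prefix length, and whatever length the user can afford, the faster party reaches the same prefix in proportionally less time.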

milahu commented 8 months ago

> it's pointless and totally out-of-scope for ricochet. Someone who really wants a vanity thing after all that can copy paste himself.

yep, "has workaround". anyway, people should learn to code ; ) or someone should write a separate gui tool...

> If you bundle a pre-built default binary you can forget performance.

yep, so keep mkp224o an external dependency

> adversaries actively try to scam users with similar links

this is a known problem with vanity domains. checking 5 of 56 chars is a bad integrity check

from the random domain names we could generate identicons as default icons

> It still takes far too long for anything beyond a couple characters.

i'm happy with a prefix of 5 chars, which takes some minutes

> Better than looking for specific strings is looking for memorable patterns.

maybe... one can look for readable strings, or use a wordlist

mkp224o-amd64-64-24k -f prefixes.txt

pospeselr commented 8 months ago

I've had a think about this and I'm inclined to say this would do more harm than good, at least in isolation. Adversaries are likely to have way more computational power than an individual user making a vanity onion, so they are always going to have the upper hand w/ regards to finding collisions. Therefore, we really don't want to encourage users thinking 'yeah the first 6 or 8 letters are right must be the contact I think it is'.

Longer term adding in some hash-based identicons as suggested by @milahu is probably a good idea in the context of sharing one's contact info.

odiferousmint commented 8 months ago

> Therefore, we really don't want to encourage users thinking 'yeah the first 6 or 8 letters are right must be the contact I think it is'.

Yup, I have similar concerns about it.