Closed milahu closed 8 months ago
Such a thing is possible and I'd be happy to review patches for the UX to do so.
Just spitballing, I would imagine one way to do this is on first launch with a new profile, have some UX for the user to either generate a new random identity (which happens transparently now) or to generate an ed25519 private key whose v3 onion service id matches some pattern. We would need to provide user feedback for the expected amount of time it would take to find a vanity address with the requested properties.
A waste of energy, to be honest. I've played with this too much to admit.
If you bundle a pre-built default binary you can forget performance.
A custom-built and optimized (benchmark all variations, there are huge differences) mkp224o is the fastest option last time I checked (the GPU ones are much slower, only PoCs). It still takes far too long for anything beyond a couple characters. And that's the whole point, it's supposed to take long. It's something you would accept for a public "darknet" site that is intended to last for a long time, where adversaries actively try to scam users with similar links and you'd like to make it harder for them.
Last time I checked, there was no way to trustlessly bruteforce it elsewhere, either. So you're limited by the CPU you have yourself, which is ultra inefficient. An adversary doesn't need to care about that, he can just rent some monster on AWS etc. and trump you. Not to mention governments have unlimited budgets you'll never match. They can use entire DCs, if needed.
mkp224o is very steady, you could estimate how long it will take on average once you optimized the build and have numbers. But statistics are a bitch, the average is misleading. To really give a typical user something he can feel, you'd have to calculate the 99% chance, and that severely limits length. And it could still be in the 1%. Humans are very bad at visualizing chance, gambler's fallacy and all.
In practice, a more practical approach is needed. We got lucky a few times with just a few minutes, whereas other times even killing cycles for 6 months yielded nothing. Better than looking for specific strings is looking for memorable patterns. Something stupid but distinct and long (edge of what even someone with $ can reach) can be theoretically useful.
Sooner or later someone will likely make a fast GPU one for v3, which means you'd end up having to buy a ridiculously expensive GPU setup even just to keep up the theater. And an adversary will still rent some mega-cluster and beat you. Besides, will you make everyone update your id?
Ergo, even for "legit" use cases like a public "darknet" site, it's difficult to reach any level that's useful against an attacker, and a random one you picked from the stream and turned into a mnemonic is likely better.
By now you understand there's a logical problem with all of this:
Every viable length (especially with the first launch idea) will be useless, because adversaries can generate the same equally fast. It wouldn't improve security as intended in any case. It would really only be a true vanity gimmick, wasted CPU, so you have a few letters that nobody ever looks at.
Why destroy nature for a string nobody cares about and no security benefits?
And, if it's just a handful of chars due to aforementioned reasons, it's pointless and totally out-of-scope for ricochet. Someone who really wants a vanity thing after all that can copy paste himself.
> it's pointless and totally out-of-scope for ricochet. Someone who really wants a vanity thing after all that can copy paste himself.
yep, "has workaround". anyway, people should learn to code ; ) or someone should write a separate gui tool...
> If you bundle a pre-built default binary you can forget performance.
yep, so keep mkp224o an external dependency
> adversaries actively try to scam users with similar links
this is a known problem with vanity domains
checking 5 of 56 chars is a bad integrity check
from the random domain names we could generate identicons as default icons
> It still takes far too long for anything beyond a couple characters.
im happy with a prefix of 5 chars, which takes some minutes
> Better than looking for specific strings is looking for memorable patterns.
maybe... one can look for readable strings, or use a wordlist
mkp224o-amd64-64-24k -f prefixes.txt
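Added example (not part of any comment in this thread, and not ricochet or mkp224o code): the average-versus-99% estimate discussed above, for a list of base32 prefixes such as one passed with `-f prefixes.txt`. The key rates are constructed figures, not benchmarks, and address characters are assumed to be uniformly distributed.

```python
import math

BASE32 = set("abcdefghijklmnopqrstuvwxyz234567")  # v3 onion address alphabet

def match_probability(prefixes):
    """Chance that one random key's address starts with any listed prefix."""
    wanted = sorted({p.strip().lower() for p in prefixes if p.strip()}, key=len)
    kept = []
    for p in wanted:
        if not set(p) <= BASE32:
            raise ValueError(f"{p!r} can never match: base32 is a-z and 2-7")
        # A prefix already covered by a shorter kept one adds no new matches.
        if not any(p.startswith(k) for k in kept):
            kept.append(p)
    if not kept:
        raise ValueError("no prefixes given")
    # Assumption: each address character is uniform over the 32 symbols.
    return sum(32.0 ** -len(p) for p in kept)

def keys_needed(p, quantile):
    """Keys to try so that P(at least one match) >= quantile (geometric law)."""
    return math.ceil(math.log1p(-quantile) / math.log1p(-p))

def estimate(prefixes, keys_per_sec):
    """Seconds to a first match: mean, median and the 99% bound."""
    p = match_probability(prefixes)
    return {
        "mean_s": (1.0 / p) / keys_per_sec,
        "median_s": keys_needed(p, 0.50) / keys_per_sec,
        "p99_s": keys_needed(p, 0.99) / keys_per_sec,
    }

if __name__ == "__main__":
    USER_RATE = 1e5    # constructed keys/s for one desktop CPU, not a benchmark
    RENTED_RATE = 1e7  # constructed: the same search on 100x the hardware
    for n in range(4, 9):
        user = estimate(["a" * n], USER_RATE)
        rented = estimate(["a" * n], RENTED_RATE)
        print(f"{n} chars: user mean {user['mean_s']:.3g}s, "
              f"99% {user['p99_s']:.3g}s; rented 99% {rented['p99_s']:.3g}s")
```

Whatever rate is plugged in, the 99% bound is about 4.6 times the mean, and each extra character multiplies every figure by 32.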
I've had a think about this and I'm inclined to say this would do more harm than good, at least in isolation. Adversaries are likely to have way more computational power than an individual user making a vanity onion, so they are always going to have the upper hand w/ regards to finding collisions. Therefore, we really don't want to encourage users thinking 'yeah the first 6 or 8 letters are right must be the contact I think it is'.
Longer term adding in some hash-based identicons as suggested by @milahu is probably a good idea in the context of sharing one's contact info.
> Therefore, we really don't want to encourage users thinking 'yeah the first 6 or 8 letters are right must be the contact I think it is'.
Yup, I have similar concerns about it.
i want to generate a pretty ricochet address with a certain prefix
to generate a vanity onion address, i use mkp224o
for every result, mkp224o generates a folder with 3 files:
import the private into ricochet:
now my ricochet address is
ricochet:milakaa6igpiyce6ajf3zbdyqsk7r3nh7m6qk4wwxfysm5atmnnv6dqd
(obviously that is not my ricochet address, because the private key is public now...)
related: https://github.com/ricochet-im/ricochet/issues/435