“Securely” generate Custom or Vanity .onion on VPS (Debian/Ubuntu/CentOS)

Word of warning: if you’re using a VPS service, such as Vultr, they may allow you to overclock your CPU which may be a terms of service violation as you’re using shared resources. On our first trial run, the CPU hit 1000% which may get you banned. Even on a dedicated instance we still hit 800% CPU usage. Final run hit 4000% on a 24x CPU instance, which, according to Vultr support, should max out at 2400% CPU usage.

Vultr cpu maximum usage

Security: since the private key is very, very private, you’ll want to use a server with a SATA drive, rather than an SSD, so you can wipe the drive when you’re finished.

Install Shallot .onion tor address generator on Debian & Ubuntu

On Debian 8 install libssl-dev.

apt-get install libssl-dev

# install git & make, and gcc

apt-get install git make gcc

# clone Shallot

git clone https://github.com/katmagic/Shallot.git

# enter the Shallot director

cd Shallot

# configure and make shallot

./configure && make

Install Shallot .onion tor address generator on CentOS

On CentOS 6 or 7 install openssl-devel.

yum install openssl-devel

# install git & make, and gcc

yum install git make gcc

# clone Shallot

git clone https://github.com/katmagic/Shallot.git

# enter the Shallot director

cd Shallot

# configure and make shallot

./configure && make

Running Shallot on your VPS

Note: press Ctrl + C to cancel generating an address at any time.

Running Shallot vanity tor address generator on a VPS

Now you can run shallot like this example:

./shallot ^test

IMPORTANT: if you’re generating addresses more than 4 characters long, you’ll want to use an output file. The following command will write the private key to a file when it’s finished. This is because if the address takes a long time to generate, you can come back to your server later when it’s finished.

If you lose connection without cancelling Shallot first, log back into your server and reboot it. VPS providers will be very unimpressed if you use 1000% of CPU power for a few hours.

./shallot ^test > address.txt

The scrip will go about its work. When it’s finished cat the contents of address.txt

cat ~/Shallot/address.txt

Example output:

Found matching domain after 2688255 tries: testf46n4iedaarq.onion

Secure erasing the file when you’re finished.

If you’re using a SATA drive, first install secure-delete

Debian/Ubuntu: apt-get install secure-delete

CentOS 6 or 7: yum install srm

Then securely delete the file with srm

srm address.txt

The following command will help wipe a SATA disk driver. It will create a new file called nosuchfile and fill it with “zeros” until it fills the drive up completely and then it will delete the file.

Run this 5-6 times to be sure:

cat /dev/zero >nosuchfile; rm nosuchfile

If you chose a big server, you may have to wait a long time for the drive to wipe completely.

As per Shallot’s readme page,

“Time to Generate a .onion with a Given Number of Initial Characters on a 1.5Ghz Processor”

characters time to generate (approx.)
1 less than 1 second
2 less than 1 second
3 less than 1 second
4 2 seconds
5 1 minute
6 30 minutes
7 1 day
8 25 days
9 2.5 years
10 40 years
11 640 years
12 10 millenia
13 160 millenia
14 2.6 million years


One thought on ““Securely” generate Custom or Vanity .onion on VPS (Debian/Ubuntu/CentOS)”

Leave a Reply

Your email address will not be published. Required fields are marked *