# I am the Watcher. I am your guide through this vast new twtiverse.
#
# Usage:
# https://watcher.sour.is/api/plain/users View list of users and latest twt date.
# https://watcher.sour.is/api/plain/twt View all twts.
# https://watcher.sour.is/api/plain/mentions?uri=:uri View all mentions for uri.
# https://watcher.sour.is/api/plain/conv/:hash View all twts for a conversation subject.
#
# Options:
# uri Filter to show a specific users twts.
# offset Start index for quey.
# limit Count of items to return (going back in time).
#
# twt range = 1 26
# self = https://watcher.sour.is/conv/thv6jya
I wonder if one could make a vanity (v3) onion address generator that, instead of looking for a small set of user-defined prefixes, looked for a prefix based on three or four short dictionary words from a long list instead. You would be able to have a prefix that's easily recognizable by users to make sure they're at the right address but it would still be very difficult for someone to brute force an address with the same prefix.
@mckinley For example, examplexpi...z2j.onion would be difficult for me to generate but it would be equally difficult for someone who wants to pretend to be that service to generate example6yf...9wn.onion. Instead, I might be able to generate something like wellhairrainba7...m4c.onion based on a list of random words. The other guy would need to find an address with a set 12 character prefix. That would be much more difficult than the 7 character example from before.
@mckinley For example, examplexpi...z2j.onion would be difficult for me to generate but it would be equally difficult for someone who wants to pretend to be that service to generate example6yf...9wn.onion. Instead, I might be able to generate something like wellhairrainba7...m4c.onion based on a list of random words. The other guy would need to find an address with a set 12 character prefix. That would be much more difficult than the 7 character example above.
@mckinley For example, examplexpi...z2j.onion would be difficult for me to generate but it would be equally difficult for someone who wants to pretend to be that service to generate example6yf...9wn.onion. Instead, I might be able to generate something like wellhairrainba7...m4c.onion based on a list of random words. The other guy would need to find an address with a set 12 character prefix. That would be much more difficult than the 7 character example from before.
@mckinley For example, examplexpi...z2j.onion would be difficult for me to generate but it would be equally difficult for someone who wants to pretend to be that service to generate example6yf...9wn.onion. Instead, I might be able to generate something like wellhairrainba7...m4c.onion based on a list of random words. The other guy would need to find an address with a set 12 character prefix. That would be much more difficult than the 7 character example from before.
@mckinley The obvious potential pitfall is the computational expense of comparing generated addresses to possible combinations of a large word list. It would be interesting to see how this compares to the brute force method in practice.
@mckinley The obvious potential pitfall is the computational expense of comparing generated addresses to possible combinations of a large word list. It would be interesting to see how this compares to the brute force method in practice.
@mckinley I _read_ all your ramblings 🤣 But I confess I neither understand Tor or Onion addresses (_nor have I ever used them_) and I'm not what what you're trying to solve? 🤔 (_or thinking of ways to solve_)
@mckinley I _read_ all your ramblings 🤣 But I confess I neither understand Tor or Onion addresses (_nor have I ever used them_) and I'm not what what you're trying to solve? 🤔 (_or thinking of ways to solve_)
@mckinley maybe https://github.com/cathugger/mkp224o worth a shot?\nThe -N option tries to fit n keys from the filter. I made a list with about 600 words with 5 or more chars. I'm running it right now and post the results as soon as it finishes.
@mckinley The command line is: mkp224o -n 2 -N 2 -f words2.txt\n-n the number of keys we want to generate\n-N the number of filter words we want to match\nMy old 6 core is burning!
@lohn I didn't know mkp224o had that option, but I think doing it with long words will be impractical. The difficulty goes up drastically as you add words, and 5 characters is already difficult to generate. Take a look at these generation times on a cluster of 5 raspberry pis: https://www.jamieweb.net/blog/onionv3-vanity-address/#generation-times
Someone much smarter than I could probably calculate the increase in difficulty based on word length.
@lohn I didn't know mkp224o had that option, but I think doing it with long words will be impractical. The difficulty goes up drastically as you add words, and 5 characters is already difficult to generate. Take a look at these generation times on a cluster of 5 raspberry pis: https://www.jamieweb.net/blog/onionv3-vanity-address/#generation-times\nSomeone much smarter than I could probably calculate the increase in difficulty based on word length.
@lohn I didn't know mkp224o had that option, but I think doing it with long words will be impractical. The difficulty goes up drastically as you add words, and 5 characters is already difficult to generate. Take a look at these generation times on a cluster of 5 raspberry pis: https://www.jamieweb.net/blog/onionv3-vanity-address/#generation-times\nSomeone much smarter than I am could probably calculate the increase in difficulty based on word length.
@prologic (#thv6jya)\n> what I'm trying to solve\n\nPeople use the address to be sure they're using the right hidden service, and if you can get an address with the same prefix you might be able to trick some users into thinking you're the other service. It's the same basic idea as Typosquatting. My idea, in theory, would make it easier (less computationally expensive) to generate an address with a certain prefix the first time, and much harder to do a second time.
@prologic (#thv6jya)
> what I'm trying to solve
People use the address to be sure they're using the right hidden service, and if you can get an address with the same prefix you might be able to trick some users into thinking you're the other service. It's the same basic idea as Typosquatting. My idea, in theory, would make it easier (less computationally expensive) to generate an address with a certain prefix the first time, and much harder to do a second time.
@mckinley That's the good part of using a dictionary! You can broaden the possibilities exponentially.\nI remade the wordlist to include 4 chars words. It took less than a minute to calc the 2 addresses (with nice names) and 8 characters: highhead and welltake.
I like this play\n\nstaytown\nnicefired\nopenless\nseekhelp\nmeanwall\nplanfrom\n\nNames for indie bands. Or a new startup.
@lohn Wow, how many have you managed to generate already?
MeanWall: An SSH honeypot that insults anyone who tries to log in.
@lohn Wow, how many have you managed to generate already?\nMeanWall: An SSH honeypot that insults anyone who tries to log in.
@lohn Wow, how many have you managed to generate already?
CPU Hurts