Generating a Vanity Address for Version 3 Onions

Tor Hidden Services are accessed through a web address ending in .onion. Generally speaking these appear to be random strings of letters and numbers, though they're actually a representation of the public key generated when the operator created their hidden service.

Whilst it's possible to generate a V2 vanity .onion address with eschallot, V3 Onions use ed25519 requiring use of a different tool.

This documentation details how to generate a vanity .onion address for Version 3 Onions



Install Dependencies

First we start by installing a couple of dependencies



apt-get install gcc libsodium-dev make autoconf



yum install libsodium-devel
yum groupinstall "Development Tools"


Install mkp224o

mp224o is the workhorse that'll be doing the backbreaking work of generating key combinations, so we need to grab and install it

git clone
cd mkp224o/
# Configure and compile

Once that's completed, we should be ready to try and generate our first URL

./mkp224o filter ben -t 4 -v -n 4 -d /tmp/
set workdir: /tmp/
sorting filters... done.
in total, 2 filters
using 4 threads
waiting for threads to finish... done.

The options passed are

  • filter ben: Look for the string ben - our vanity string
  • -t 4: use 4 threads
  • -v: Be verbose
  • -n 4: Generate 4 suggestions
  • -d /tmp/: Write generated keymatter out to directories under /tmp

The output directory (in the example above /tmp) will have a directory created within it for each of the found suggestions. Copy this to your tor server and put into /var/lib/tor (or wherever you've configured Tor to run) and rename the directory to be that of your hidden service (as defined in torrc - in the tutorial I posted previously, this was /var/lib/tor/myonion/), then fix permissions

mv benyfkc7gc2pptco6hx7t3sk57q7ahzz6fjtur36ar3pm5euvbwx5pqd.onion /var/lib/tor/bens_new_hs
chown -R tor: /var/lib/tor/bens_new_hs
chmod -R u+rwX,og-rwx /var/lib/tor/bens_new_hs

If you've not already added the service to torrc then add it

vi /etc/tor/torrc
HiddenServiceDir /var/lib/tor/bens_new_hs
HiddenServiceVersion 3
HiddenServicePort 80

Then, either way, restart or reload tor

systemctl reload tor

Once TOR restarts, your new service should come up

Things to note

  • It gets progressively harder to bruteforce the keys, the more characters you specify (god only knows what resources Facebook's facebookcorewwwi.onion took to generate!)
  • If you've any config that relies on a specific hostname (such as an NGinx server block, remember to change it if you change the URL!)
  • It might take multiple attempts to find a vanity URL that you actually like