WireGuard vanity keygen | Hono Hacker News

▲

78 points by simonpure 10 hours ago | 11 comments

▲kuratkull 1 minute ago

I'd like to see mentions/confirmation that it has top-notch randomness so that nobody else can come up with the same keys.

▲sedatk 4 hours ago

I love that the app has ARM64 builds for Windows. I use a Windows ARM64 laptop daily, and every native ARM64 build I come across brings me joy.

Take note, Discord.

▲jimjambw 1 hour ago

It’s funny (and annoying) the disparity between Arm builds for macOS and Windows. I understand why it happens but even Microsoft has produced Arm native versions of apps for macOS before Windows.

▲burnt-resistor 9 hours ago

Reminds me of people where I worked having vanity GPG key ids. I'm wondering how much CPU time and on what machines it took to find them.

▲rgovostes 8 hours ago

For vanity GPG keys, I came up with a neat trick where you could insert arbitrary ASCII art into your key. You construct your ASCII art using the Base64 character set. The decoded binary will be gibberish but you can place it in an inert Literal Data Packet that will be ignored by any conformant OpenPGP parser. It just takes a little finagling to align your data to a 3-byte boundary with appropriate line wrapping.

▲wiktor-k 2 hours ago

Key IDs are based on fingerprints and fingerprints are calculated by SHA-1 hashing the primary key's public key and the creation timestamp. A computationally easy way to influence the fingerprint is to tweak the creation timestamp which is a 32 bit Unix epoch value. Of course it needs to be in the past so the range is limited but it's faster to do it this way instead of recomputing the cryptographic key.

▲yjftsjthsd-h 1 hour ago

> the creation timestamp which is a 32 bit Unix epoch value.

GPG keys aren't 2038-safe?

▲dijit 14 minutes ago

PGP is pretty old at this point, and kinda jank.

RFC 1991 only gives them 4 bytes (32bit); not sure if there have been any later additions to rectify this but I don’t think so since even the latest RFC (9580) has them listed as 4 bytes…

https://datatracker.ietf.org/doc/html/rfc1991

https://www.rfc-editor.org/rfc/rfc9580#section-3.5

▲jkingsman 8 hours ago

I used a similar tool[0] for my SSH key to get a nice suffix to spot it easily.

[0]: https://github.com/danielewood/vanityssh-go

▲WarOnPrivacy 6 hours ago

Setup my first WG server last month. WG key gen obligingly put an f-bomb by the front of the key. "You're welcome" I said. True story.

▲jethro_tell 6 hours ago

Given a situation in which you have a decent way to guess user names, such as ‘first-initial-lastname’ how much entropy does this take away?

It seems like I’ve seen several of these over the years when a patch to parse comments would probably be simpler and less of an anti-pattern. What am I missing here?

Edit: or a config dir that allows multiple key files.

▲turblety 43 minutes ago

Would this run faster on a gpu?

▲Calwestjobs 5 hours ago

I wanted this for Bitcoin address, and accidentally generated Satoshi/Peter private key.