The second latest alpha build of Tor, Tor 0.3.2.2-alpha, enabled the more secure “next-generation hidden services protocol” (aka v3 onion services). Tor Project President Roger Dingledine said that next generation hidden (onion) services fix security and design flaws found in the original or legacy hidden services. He explained that mistakes he had made in the 2004 onion service protocol are being exploited by “fear-mongering ‘threat intelligence’ companies.” In this alpha build, some of the updates from proposal 224 have been added to Tor, including several directory protocol improvements and updated cryptographic building blocks.
At Def Con 25, Dingledine presented v3 onion services and announced that a public build would likely be available in December 2017. Until then, the alpha build(s) will support prop224 onion services for both onion service operators and clients themselves and hopefully provide a testing platform for a stable build in December. Tor Browser 7.5a5 includes support for the new services, along with other significant changes to the way Tor functions.
Some of the included updates in the 0.3.2.2-alpha are listed as follows:
- The cryptographic building blocks use updated, more secure signature algorithms and hashing methods. For instance, the older SHA1/DH/RSA1024 combination was replaced by SHA3/ed25519/curve25519.
- The directory protocol has been improved and now leaks less metadata to directory servers. This is, in part, to prevent attacks in which a hidden service can easily be censored based on its descriptor. To avoid predictability, Tor derives the relevant values from several pseudo-random inputs: the time period, public keys, shared random values, etc.
- “Better onion address security against impersonation; more extensible introduction/rendezvous protocol; and a cleaner and more modular codebase.”
As time goes on and more users test v3 onion services, additional prop224 features will likely make their way to Tor and the Tor Browser. They announced that, in the future, some of the next updates will include advanced client authorization and improved guard algorithms.
“[M]istakes in the original protocol are now being actively exploited by fear-mongering ‘threat intelligence’ companies to build lists of onion services even when the service operators thought they would stay under the radar,” the Tor Co-founder said at Def Con 25. “These design flaws are a problem because people rely on onion services for many cool use cases, like metadata-free chat and file sharing, safe interaction between journalists and their sources, safe software updates, and more secure ways to reach popular websites like Facebook.”
One can recognize the new onion service addresses by their length: 56 characters. They are noticeably longer than v2 onion service addresses. One current example is Riseup’s v3 onion address: http://vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd[dot]onion.
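As an added illustration that is not part of the original article: the 56-character form comes from base32-encoding a 32-byte ed25519 public key followed by a 2-byte SHA3-256 checksum and a version byte (0x03), as laid out in the v3 onion service specification. The script below builds an address from a constructed (non-real) key and validates addresses the same way a client would, rejecting the shorter legacy format and any address whose checksum does not match.

```python
import base64
import hashlib
import hmac

ONION_VERSION = 3
CHECKSUM_PREFIX = b".onion checksum"  # fixed prefix from the v3 spec


def encode_v3_onion(pubkey: bytes) -> str:
    """Build a v3 onion address (56 base32 chars + '.onion') from a 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    version = bytes([ONION_VERSION])
    # CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2]
    checksum = hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + version).digest()[:2]
    payload = pubkey + checksum + version  # 35 bytes -> 56 base32 characters
    return base64.b32encode(payload).decode("ascii").lower() + ".onion"


def decode_v3_onion(address: str) -> bytes:
    """Validate a v3 onion address and return the embedded public key; raise on any defect."""
    host = address.strip().lower()
    if host.endswith(".onion"):
        host = host[: -len(".onion")]
    if len(host) != 56:
        raise ValueError("v3 onion addresses are exactly 56 characters (legacy v2 used 16)")
    try:
        payload = base64.b32decode(host.upper())
    except ValueError as exc:
        raise ValueError("address is not valid base32") from exc
    pubkey, checksum, version = payload[:32], payload[32:34], payload[34]
    if version != ONION_VERSION:
        raise ValueError(f"unsupported onion address version {version}")
    expected = hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + bytes([version])).digest()[:2]
    if not hmac.compare_digest(checksum, expected):
        raise ValueError("checksum mismatch: address was mistyped or tampered with")
    return pubkey


def is_v3_onion(address: str) -> bool:
    """Boolean convenience wrapper around decode_v3_onion()."""
    try:
        decode_v3_onion(address)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    sample_key = bytes(range(32))  # constructed key, not a real service's
    print(encode_v3_onion(sample_key))
```

Because the version byte 0x03 sits in the low bits of the final base32 character, every valid v3 address ends in "d", which is a quick visual check before the checksum is verified.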
Instructions on setting up a prop224 service can be found on the Tor Blog.