blob: 9401ff78355744c37a524d46cea5297bbd906539 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
o Major features (next-generation onion services):
- Tor now supports the next-generation onion services protocol for clients
and services! As part of this release, the core of proposal 224 has been
implemented and is available for experimentation and testing by our
users. This newer version of onion services (v3) features various
improvements over the legacy system:
a) Better crypto (replaced SHA1/DH/RSA1024 with SHA3/ed25519/curve25519)
b) Improved directory protocol leaking less to directory servers.
c) Improved directory protocol with smaller surface for targeted attacks.
d) Better onion address security against impersonation.
e) More extensible introduction/rendezvous protocol.
f) A cleaner and more modular codebase.
Furthermore, as part of this update, onion addresses increase in length
and are now 56 characters long:
4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion
In the future, we will be releasing more options and features but we
first need a testing period, so that the current codebase matures and
becomes more robust. Here are some of the features we have planned:
1) Offline keys for onion services
2) Advanced client authorization for onion services
3) Improved guard algorithm for onion services
4) Next-gen onion service statistics
Please see our proposal for more details:
https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.txt
The default version for onion services remains v2 (the legacy system)
until this new codebase gets tested and hardened.
Service operators who want to experiment with the new system can use the
'HiddenServiceVersion 3' torrc directive along with the regular onion
service configuration options.
We will publish a blog post about this new feature soon! Enjoy!
|
