“Tor clients and onion apps now protect against many attacks by holding to a single relay called a Guard for the first hop in all the paths, to restrict the number of sites that get to see their association into the Tor network. It seems like we can do even better for onion services by holding to the same second hop and third hop too. But making the design right is complex because there are several subtle ways to mess it up, so it will be a while yet till we build and deploy it,” wrote Dingledine in an email interview with News.
That said, the next generation of Tor includes a multitude of updates and fixes that are now rolling out. “We have a practical working version right now, but we haven’t put out a release yet that has this new code in it. We’re still polishing it up and looking over it for possible bugs. We’re about to finish the Tor 0.3.1 branch; we put out a different alpha version of it on Tuesday,” he said. The provisional schedule for Tor 0.3.2 is December.
Topping the list of new features is the move away from the old cryptosystem, which uses the first 80 bits of the SHA-1 hash of the 1024-bit RSA key, to a new scheme that uses much stronger elliptic curve cryptography (ECC) keys, such as the Ed25519 signature scheme.
“We’re switching from the old cryptosystem, which is not really known to be a puzzle quite yet, but is apparently going to look increasingly weak in the coming years, so now’s a great time to update it,” he said.
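The difference between the two naming schemes can be seen by deriving both kinds of onion name, as in this added example (not code from the article or from the Tor Project). The next-gen layout follows Tor's published onion service specification; the key bytes are constructed stand-ins and the function names are hypothetical.

```python
import base64
import hashlib

V3_VERSION = b"\x03"

def v2_onion_address(rsa_pubkey_der: bytes) -> str:
    """Legacy name: base32 of the first 80 bits (10 bytes) of SHA-1(RSA key)."""
    truncated = hashlib.sha1(rsa_pubkey_der).digest()[:10]
    return base64.b32encode(truncated).decode().lower() + ".onion"

def v3_checksum(pubkey: bytes) -> bytes:
    """Two-byte checksum that binds the key to the version byte."""
    return hashlib.sha3_256(b".onion checksum" + pubkey + V3_VERSION).digest()[:2]

def v3_onion_address(ed25519_pubkey: bytes) -> str:
    """Next-gen name: base32 of (32-byte key || checksum || version)."""
    if len(ed25519_pubkey) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    body = ed25519_pubkey + v3_checksum(ed25519_pubkey) + V3_VERSION
    return base64.b32encode(body).decode().lower() + ".onion"

def parse_v3_onion_address(address: str) -> bytes:
    """Return the public key embedded in a v3 name, rejecting malformed input."""
    address = address.lower()
    if not address.endswith(".onion") or len(address) != 56 + len(".onion"):
        raise ValueError("not a 56-character v3 onion name")
    raw = base64.b32decode(address[:56].upper())  # raises ValueError on bad chars
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != V3_VERSION:
        raise ValueError("unsupported version byte")
    if checksum != v3_checksum(pubkey):
        raise ValueError("checksum mismatch")
    return pubkey

# Constructed stand-ins for key material (not real keys), so this runs offline.
SAMPLE_RSA_DER = bytes(range(140))
SAMPLE_ED25519 = bytes(range(32))

if __name__ == "__main__":
    print(v2_onion_address(SAMPLE_RSA_DER))  # 16 chars: an 80-bit fingerprint
    v3 = v3_onion_address(SAMPLE_ED25519)
    print(v3)                                # 56 chars: carries the key itself
    assert parse_v3_onion_address(v3) == SAMPLE_ED25519
```

The legacy name is only a truncated hash of the key, while the next-gen name carries the full public key, so a client can recover and check the key from the name alone.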
Other next-gen features focus on making it hard to set up relays in advance that target a particular onion service. This is achieved via a better hidden service directory (HSDir) design. Within Tor, HSDirs function much like DNS servers, allowing a Tor client to ask one of the HSDirs to “resolve” the name of an onion site into data that can be used to get its public key, plus how to meet with that onion service over the Tor network.
Dingledine said the HSDir relays are currently too easy to predict. “The six daily HSDirs for a delivered onion address are expected into the future,” he said. The answer is to make the HSDir mapping include a communal random value that everybody agrees on, but that nobody can predict in advance, according to Dingledine. “The record authorities pick this value each day as part of their consent voting process,” he said.