Tor Is in the Market for a Game Changing Security Makeover

After the recent vulnerability exploit that swept over Firefox users – and by extension, Tor users – it’s no surprise that The Tor Project is in the market for a security update. While the patch was released for Mac and Linux users, the rest of the OS world is still waiting on a dependable way to browse the internet. Recent vulnerabilities and exploits aside, the Tor Project team has been working on this update for the last four years.

The Tor Project has been operating the legacy onion system for over ten years; it’s no shocker that its walls are starting to crumble. The new game changing makeover will show improvements on the cryptography and protocol end, as well as the engineer and casual user’s spectrum.

“On the cryptography side, we are looking at cutting-edge crypto algorithms and improved authentication schemes. On the protocol end, we redesigned the directory system to defend against info leaks and reduce the overall attack surface.

For example, did you know that in the legacy onion system, the network could learn about your onions? However, with this next-generation design, your onion address is completely private and only known to you and whoever you choose to disclose it to.”

As for the engineer’s perspective, the new protocol is ten times more expansible and offers a “cleaner codebase”. And finally, what would Tor be without its basic user? In that department, the only visible (or noticeable) thing about the makeover will be the longer and more complex onion addresses.

For example, the onion addresses will change from something like this:

7fa6xlti5joarlmkuhjaifa47.onion

To something like this:

7fa6xlti5joarlmkuhjaifa47ukgcwz6tfndgax45ocyn4rixm632jid.onion

The official Tor Project update states,

“All in all, the new system is a well needed improvement that fixes many shortcomings of the old design, and builds a solid foundation for future onion work.”

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil