- Tor dumps tor1 and moves to a stronger, research-driven relay encryption system
- CGO introduces modern protections that block tagging attacks across the network
- Wide-block encryption makes modified cells unrecoverable and stops predictable interception attempts
Tor has launched a new relay encryption system called Counter Galois Onion (CGO) to replace the older tor1 algorithm.
The change is intended to make the network more resilient against modern interception techniques that could compromise user privacy.
CGO is built on a Rugged Pseudorandom Permutation called UIV+, designed by cryptography researchers to meet rigorous security requirements.
Addressing vulnerabilities in tor1
Tor reports this system has been verified for tagging resistance, forward secrecy, longer authentication tags, and efficient operation without adding significant bandwidth overhead.
The previous tor1 relay encryption had multiple weaknesses by modern standards, mainly because it relied on AES-CTR encryption without hop-by-hop authentication. That allowed a potential adversary controlling relays to modify traffic predictably, creating tagging attack opportunities.
It also reused AES keys throughout a circuit, offering only partial forward secrecy, and used a 4-byte SHA-1 digest for authentication, giving a small chance that a forged cell could go undetected.
Tor maintains that while only the first issue is critical, all three represent areas requiring improvement as cryptography standards evolve.
CGO introduces wide-block encryption and tag chaining, which renders modified cells and future traffic unrecoverable, effectively blocking tagging attacks.
The keys are updated after each cell to prevent decryption of past traffic even if current keys are exposed.
SHA-1 has been removed entirely and replaced with a 16-byte authenticator, enhancing overall security.
Circuit integrity is strengthened by chaining encrypted tags and nonces across cells, making any tampering immediately detectable.
Tor emphasizes that these measures address previous weaknesses while maintaining reasonable performance.
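The difference between tor1's malleable counter-mode encryption and wide-block encryption can be seen in a small added example, which is not code from Tor or from the original report. It assumes a SHAKE-256 keystream as a stand-in for AES-CTR and a toy 4-round Feistel network as a stand-in for a wide-block cipher (it is not UIV+ or CGO, and it leaves out tag chaining and key updates); the 512-byte cell size, keys and payloads are constructed.

```python
import hashlib

CELL_LEN = 512  # constructed demo size (even, so the Feistel halves match); not Tor's cell layout

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def stream_crypt(key: bytes, cell: bytes) -> bytes:
    """Stand-in for AES-CTR: XOR with a keystream (encrypt and decrypt are the same)."""
    return xor(cell, hashlib.shake_256(b"stream" + key).digest(len(cell)))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function whose output covers the whole opposite half.
    return hashlib.shake_256(key + bytes([rnd]) + half).digest(len(half))

def wide_encrypt(key: bytes, cell: bytes) -> bytes:
    """Toy wide-block permutation: 4-round Feistel across the entire cell."""
    left, right = cell[:len(cell) // 2], cell[len(cell) // 2:]
    for rnd in range(4):
        left, right = right, xor(left, _f(key, rnd, right))
    return left + right

def wide_decrypt(key: bytes, cell: bytes) -> bytes:
    left, right = cell[:len(cell) // 2], cell[len(cell) // 2:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _f(key, rnd, left)), left
    return left + right

def tamper_diff(key: bytes, cell: bytes, offset: int, mask: int) -> dict:
    """XOR `mask` into one ciphertext byte, decrypt, and return plaintext XOR recovered."""
    out = {}
    for name, enc, dec in (("stream", stream_crypt, stream_crypt),
                           ("wide", wide_encrypt, wide_decrypt)):
        ct = bytearray(enc(key, cell))
        ct[offset] ^= mask
        out[name] = xor(cell, dec(key, bytes(ct)))
    return out

if __name__ == "__main__":
    key = bytes(32)                                        # constructed all-zero demo key
    cell = b"relay cell payload ".ljust(CELL_LEN, b".")    # constructed plaintext
    for name, d in tamper_diff(key, cell, offset=10, mask=0x01).items():
        print(name, "plaintext bytes changed after tampering:", sum(b != 0 for b in d))
```

In the stream case the change comes through as exactly the same bit flip in the plaintext, which is the predictable mark a tagging attack depends on; in the wide-block case the whole cell decrypts to unrelated bytes.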
The CGO system is being integrated into both the C Tor implementation and the Rust-based Arti client.
The feature is currently experimental, with additional work planned for onion service negotiation and performance optimization.
Tor Browser users do not need to take any action to benefit from CGO, as the update will apply automatically once the system is fully deployed.
A timeline for when CGO will become the default encryption method has not yet been announced.
Via BleepingComputer


