Version 32 (modified by asn, 3 years ago) (diff)


Intro to Next Gen Onion Services (aka prop224)

Welcome to the next level in overlay networks: Tor's Next Generation Onion Services!

Tor as of version supports the next-gen onion services protocol for clients and services! As part of this release, the core of proposal 224 has been implemented and is available for experimentation and testing by our users. This newer version of onion services ("v3") features many improvements over the legacy system, including:

  1. Better crypto (replaced SHA1/DH/RSA1024 with SHA3/ed25519/curve25519)
  2. Improved directory protocol, leaking much less information to directory servers.
  3. Improved directory protocol, with smaller surface for targeted attacks.
  4. Better onion address security against impersonation.
  5. More extensible introduction/rendezvous protocol.
  6. A cleaner and more modular codebase.

You can identify a next-generation onion address by its length: they are 56 characters long, as in 4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion.

The specification for next gen onion services can be found here:

Current state

We are currently in alpha testing phase.

In the future, we plan to release more features for v3 onion services, but we first need a testing period for the current codebase to mature and become more robust. Planned features include: offline keys, advanced client authorization, improved guard algorithms, and statistics. For full details, see rend-spec-v3.txt.

Example prop224 services

You will need a Tor browser running at least tor- to visit these:

  • vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion
  • ozmh2zkwx5cjuzopui64csb5ertcooi5vya6c2gm4e3vcvf2c2qvjiyd.onion
  • IRC test hub: gff4ixq3takworeuhkubzz4xh2ulytoct4xrpazkiykhupalqlo53ryd.onion:6697

(Also NEVER trust onions you read on a wiki :) )

How to connect to the test hub for next gen onion services

We've setup a small test hub in a friendly IRC network which you are welcome to join if you want us to help test next gen onion services. The address is gff4ixq3takworeuhkubzz4xh2ulytoct4xrpazkiykhupalqlo53ryd.onion:6697. You will need an IRC client and socat to follow this guide:

1) Compile Tor from source:

$ git clone

and then build it using ./ && ./configure --disable-asciidoc && make.

2) Setup a basic torrc for your Tor client

Try this torrc for your Tor client (adapt it to your filesystem):

SocksPort 9008
RunAsDaemon 0
SafeLogging 0
DataDirectory /home/user/tmp/tor
Log notice stdout
Log notice file /home/user/tmp/hsclient/tor.log
Log info file  /home/user/tmp/hsclient/torinfo.log

3) Setup a socat tunnel to the prop224 testing hub

I use this socat command to setup a tor tunnel between my computer and the prop224 service:

$ socat TCP4-LISTEN:4250,bind=localhost,fork,reuseaddr SOCKS4A:localhost:gff4ixq3takworeuhkubzz4xh2ulytoct4xrpazkiykhupalqlo53ryd.onion:6697,socksport=9008

4) Connect to the testing hub IRC channel

Start up your IRC client (in this case irssi) and point it to the tunnel we opened above:

/server -ssl localhost 4250

/join #prop224

5) Sit back and enjoy!

If you made it this far the next step is to relax and enjoy this new Internet experience. Also monitor your log files to see if any warnings or bugs appeared. If we see your client misbehaving we might ask you to give us some logs etc. If any other tests are required we will notify you through the IRC testing hub.

How to setup your own prop224 service

Just use a normal onion service torrc and add HiddenServiceVersion 3 in your hidden service torrc block.

Example for testing:

SocksPort auto

HiddenServiceDir /home/user/tmp/hsv3
HiddenServiceVersion 3
HiddenServicePort 6667

SafeLogging 0

Log notice stdout
Log notice file /home/user/tmp/hs/hs.log
Log info file /home/user/tmp/hs/hsinfo.log

Please let us know if you find any bugs!!!

Attachments (3)

Download all attachments as: .zip