Intro to Next Gen Onion Services (aka prop224)
Welcome to the next level in overlay networks: Tor's Next Generation Onion Services!
Tor as of version 0.3.2.1-alpha supports the next-gen onion services protocol for clients and services! As part of this release, the core of proposal 224 has been implemented and is available for experimentation and testing by our users. This newer version of onion services ("v3") features many improvements over the legacy system, including:
- Better crypto (replaced SHA1/DH/RSA1024 with SHA3/ed25519/curve25519)
- Improved directory protocol, leaking much less information to directory servers.
- Improved directory protocol, with smaller surface for targeted attacks.
- Better onion address security against impersonation.
- More extensible introduction/rendezvous protocol.
- A cleaner and more modular codebase.
You can identify a next-generation onion address by its length: they are 56 characters long, as in 4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion.
The specification for next gen onion services can be found here: https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt
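The address layout in rend-spec-v3.txt (base32 of a 32-byte ed25519 public key, a 2-byte checksum and a version byte) can be checked offline. The following is an added example, not part of the original wiki page or of Tor's code; the function names are illustrative, the sample key is constructed, and the check does not test that the key is a valid ed25519 point.

```python
import base64
import hashlib

CHECKSUM_PREFIX = b".onion checksum"
VERSION = b"\x03"


def _checksum(pubkey: bytes, version: bytes) -> bytes:
    # CHECKSUM = first 2 bytes of SHA3-256(".onion checksum" | PUBKEY | VERSION)
    return hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + version).digest()[:2]


def encode_v3_onion(pubkey: bytes) -> str:
    """Build the v3 address for a 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = pubkey + _checksum(pubkey, VERSION) + VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def parse_v3_onion(address: str):
    """Return (pubkey, checksum, version); raise ValueError on bad syntax."""
    host = address.strip().lower()
    if host.endswith(".onion"):
        host = host[: -len(".onion")]
    if len(host) != 56:
        raise ValueError("v3 onion label must be 56 characters")
    try:
        raw = base64.b32decode(host.upper())  # 56 chars -> 35 bytes, no padding
    except Exception as exc:
        raise ValueError("label is not valid base32") from exc
    return raw[:32], raw[32:34], raw[34]


def is_valid_v3_onion(address: str) -> bool:
    """True if the version byte is 3 and the embedded checksum matches."""
    try:
        pubkey, checksum, version = parse_v3_onion(address)
    except ValueError:
        return False
    return version == 3 and checksum == _checksum(pubkey, VERSION)


if __name__ == "__main__":
    sample_key = bytes(range(32))  # constructed key, not a real service
    addr = encode_v3_onion(sample_key)
    print(addr, is_valid_v3_onion(addr))
```

A passing check only shows that the address is well-formed and free of typos; it says nothing about who controls the key.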
Current state
Initial client/service support introduced in tor-0.3.2.1-alpha. Project currently in testing and bugfixing phase.
There is no official Tor Browser release with prop224 support right now. We plan to have one by the end of September.
In the future, we plan to release more features for v3 onion services, but we first need a testing period for the current codebase to mature and become more robust. Planned features include: offline keys, advanced client authorization, improved guard algorithms, and statistics. For full details, see rend-spec-v3.txt.
Example prop224 services
You will need a Tor browser running at least tor-0.3.2.1-alpha to visit these:
- www.riseup.net: vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion
- searx.riseup.net: ozmh2zkwx5cjuzopui64csb5ertcooi5vya6c2gm4e3vcvf2c2qvjiyd.onion
- IRC test hub: gff4ixq3takworeuhkubzz4xh2ulytoct4xrpazkiykhupalqlo53ryd.onion:6697
- Some address found: http://j2eiu2izwjpazjevu4xs3muaif3jzex3nnvnu677vz2fypmzccvhhiid.onion
(Also NEVER trust onions you read on a wiki :) )
How to connect to the test hub for next gen onion services
We've set up a small test hub in a friendly IRC network which you are welcome to join if you want to help us test next gen onion services. The address is gff4ixq3takworeuhkubzz4xh2ulytoct4xrpazkiykhupalqlo53ryd.onion:6697. You will need an IRC client and socat to follow this guide:
1) Compile Tor from source:
$ git clone https://git.torproject.org/tor.git
and then build it using:
$ ./autogen.sh && ./configure --disable-asciidoc && make
2) Set up a basic torrc for your Tor client
Try this torrc for your Tor client (adapt it to your filesystem):
SocksPort 9008
RunAsDaemon 0
SafeLogging 0
DataDirectory /home/user/tmp/tor
Log notice stdout
Log notice file /home/user/tmp/hsclient/tor.log
Log info file /home/user/tmp/hsclient/torinfo.log
3) Set up a socat tunnel to the prop224 testing hub
I use this socat command to set up a Tor tunnel between my computer and the prop224 service:
$ socat TCP4-LISTEN:4250,bind=localhost,fork,reuseaddr SOCKS4A:localhost:gff4ixq3takworeuhkubzz4xh2ulytoct4xrpazkiykhupalqlo53ryd.onion:6697,socksport=9008
4) Connect to the testing hub IRC channel
Start up your IRC client (in this case irssi) and point it to the tunnel we opened above:
/server -ssl localhost 4250
/join #prop224
5) Sit back and enjoy!
If you made it this far the next step is to relax and enjoy this new Internet experience. Also monitor your log files to see if any warnings or bugs appeared. If we see your client misbehaving we might ask you to give us some logs etc. If any other tests are required we will notify you through the IRC testing hub.
How to set up your own prop224 service
Just use a normal onion service torrc and add HiddenServiceVersion 3 in your hidden service torrc block.
Example for testing:
SocksPort auto
HiddenServiceDir /home/user/tmp/hsv3
HiddenServiceVersion 3
HiddenServicePort 6667 127.0.0.1:6667
SafeLogging 0
Log notice stdout
Log notice file /home/user/tmp/hs/hs.log
Log info file /home/user/tmp/hs/hsinfo.log
You can then find your onion address at /home/user/tmp/hsv3/hostname.
Please let us know if you find any bugs!!!