wiki:doc/NextGenOnions

Version 4 (modified by asn, 21 months ago) (diff)

--

Intro to Next Gen Onion Services

Tor now supports the next-generation onion services protocol for clients and services! As part of this release, the core of proposal 224 has been implemented and is available for experimentation and testing by our users. This newer version of onion services ("v3") features many improvements over the legacy system, including:

  1. Better crypto (replaced SHA1/DH/RSA1024 with SHA3/ed25519/curve25519)
  2. Improved directory protocol, leaking much less information to directory servers.
  3. Improved directory protocol, with smaller surface for targeted attacks.
  4. Better onion address security against impersonation.
  5. More extensible introduction/rendezvous protocol.
  6. A cleaner and more modular codebase.

You can identify a next-generation onion address by its length: they are 56 characters long, as in `4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion`.

The specification for next gen onion services can be found here: https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt

Current state

In alpha testing phase.

In the future, we will release more options and features for v3 onion services, but we first need a testing period, so that the current codebase matures and becomes more robust. Planned features include: offline keys, advanced client authorization, improved guard algorithms, and statistics. For full details, see proposal 224.

Example prop224 services

You will need a Tor browser running tor-0.3.2.1-alpha to visit these:

  • Riseup: vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion
  • searx.riseup.net: ozmh2zkwx5cjuzopui64csb5ertcooi5vya6c2gm4e3vcvf2c2qvjiyd.onion

(Also never trust onions you read on a wiki)

How to connect to test hub

TODO: https://lists.torproject.org/pipermail/tor-project/2017-September/001449.html

How to setup your own prop224 service

TODO

Attachments (3)

Download all attachments as: .zip