Intro to Next Gen Onion Services (aka prop224)
Welcome to the next level in overlay networks: Tor's Next Generation Onion Services!
Tor as of version 0.3.2.1-alpha supports the next-gen onion services protocol for clients and services! As part of this release, the core of proposal 224 has been implemented and is available for experimentation and testing by our users. This newer version of onion services ("v3") features many improvements over the legacy system, including:
- Better crypto (replaced SHA1/DH/RSA1024 with SHA3/ed25519/curve25519)
- Improved directory protocol, leaking much less information to directory servers.
- Improved directory protocol, with smaller surface for targeted attacks.
- Better onion address security against impersonation.
- More extensible introduction/rendezvous protocol.
- A cleaner and more modular codebase.
You can identify a next-generation onion address by its length: they are 56 characters long, as in 4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion.
The specification for next gen onion services can be found here: [https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt]
[This page will remain read-only for the next few days. Please contact asn asn@torproject.org for any additions.]
Current state
v3 onion client support exists in all TBBs. As of tor-0.3.5, v3 onions are the default onion service version on the service side. v2 onions are still supported on both the client and service side. Users are encouraged to use v3 onions and help us find and fix any bugs.
In the future, we plan to release more features for v3 onion services, but we first need a testing period for the current codebase to mature and become more robust. Planned features include: offline keys, advanced client authorization, improved guard algorithms, and statistics. For full details, see rend-spec-v3.txt.
Example prop224 services
You will need the latest Tor Browser stable (7.5) or alpha to visit these:
- www.riseup.net: http://vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion
- searx.riseup.net: http://ozmh2zkwx5cjuzopui64csb5ertcooi5vya6c2gm4e3vcvf2c2qvjiyd.onion
- OnionShare: http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion/
- Qubes: http://sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/
- Whonix: http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/
- decoded:Legal law firm: http://dlegal66uj5u2dvcbrev7vv6fjtwnd4moqu7j6jnd42rmbypv3coigyd.onion/
- IRC test hub: gff4ixq3takworeuhkubzz4xh2ulytoct4xrpazkiykhupalqlo53ryd.onion:6697
- Federalist papers: http://7fa6xlti5joarlmkuhjaifa47ukgcwz6tfndgax45ocyn4rixm632jid.onion/
- Some address found: http://j2eiu2izwjpazjevu4xs3muaif3jzex3nnvnu677vz2fypmzccvhhiid.onion
- Gitea: http://lgekyjf5vosmbfvcxzg3g5mmcncmwy4d3nhjrdqqiqzl5nmhqlfemaid.onion/
- patternsinthevoid.net (isis' blog): http://ffqggapqevcmylx6vtk5357i7bfjwbb6qchds3hlohangshxrwvdduyd.onion
- txtorconn website: http://fjblvrw2jrxnhtg67qpbzi45r7ofojaoo3orzykesly2j3c2m3htapid.onion/
(Also NEVER trust onions you read on a wiki :) )
How to set up your own prop224 service
It's easy! Just use your regular onion service torrc and add HiddenServiceVersion 3 in your hidden service torrc block.
For more detailed instructions see the official instructions.