Tor Officially Announces Deadline to Terminate Onion V2 Addresses

As early as 2020, Tor officially announced that the V2 version of the onion address will be terminated due to a loophole in the cryptography used . Recently, the Tor official development team officially confirmed that it will stop using the old version from July 2021 and require all users to migrate to Onion V3.

The reminder of the event comes from the Tor official Twitter . The specific time point given by the Tor official is: Tor will release a new version on July 15, 2021, which will disable the support for Onion V2 addresses. The final decision will end on October 15th this year. At that time, the stable version of Tor Explorer will completely disable this version.

The difference between these two stages is that in a stage corresponding to July 15, 2021, although users can still use it through some internal configuration in the browser, it is recommended to discontinue the default compatibility with Onion V2 Sex. Instead, starting from October 15th, Tor will no longer be compatible with the old version at all .

This change was made three years after the Onion V3 address was released on January 9, 2018. According to the development team itself, it has better cryptography and higher security than the previous version. Similarly, since V3 is currently a standard version, revisions will only be made after V3 has been successfully implemented on all nodes of the Tor network.

The version change will greatly improve the security and privacy of users who use the Tor service, but it should be noted that the deactivation of the V2 version will not directly affect users, but the website that uses the V2 version of the address domain name.

Reasons for changing from Onion V2 to V3

The URL in the Tor browser has a .onion domain suffix, which corresponds to, for example, .com , .io , .org or any other URL suffix in traditional websites. These provide a type of encryption from the Web to the user, creating an encrypted connection that cannot be traced.

The second version of .onion was developed along with the first version of Tor's address shortly after Tor was released in 2004.

The purpose is to encrypt the connection using the algorithm for this purpose, in the case of Onion V2, SHA-1 is used. This encryption algorithm is one of the predecessors of the encryption algorithm used by Bitcoin (SHA256). At that time, the encryption algorithm provided users with a medium-level security encryption.

With the exponential growth of calculations in recent years, the algorithm has become fragile and has even been broken in practice . This caused it to be terminated by various programs. The Chrome browser itself displays warnings about websites that use SSL certificates with SHA-1 encryption .

The SHA-1 algorithm is vulnerable to collision attacks, in which two different inputs can generate the same hash. Source:

Taking into account the possible vulnerabilities, the Tor development team plans to raise the security level to a new level before 2015. By 2018, the product is ready to show the third version of Onion Address, which uses ed25519 to improve its cryptographic signature algorithm, which provides better encryption functions than its predecessor.

Tor and Bitcoin

Tor is a secure network architecture, which is based on the distributed network paradigm. Like Bitcoin uses, the communication between nodes is decentralized. It encrypts the user's connection and protects it from third-party tracking.

Because of this, Tor and Bitcoin are often closely linked. A specific example is the winning project of the MIT Bitcoin Expo 2021 hackathon reported by CriptoNoticias at the time . The project was called Onion'78. The goal is to use Tor PayJoin systems and network architectures to improve the bit currency trading in privacy, allowing the use of more personal connection. This is just one of many examples of Bitcoin projects that use Tor to increase privacy.

From:On DarkNet – Dark Web News and Analysis
Copyright of the article belongs to the author, please do not reproduce without permission.

<<Pre Post
Next Post>>