TOR security land

In July 2020, the Tor Project released the timeline for the depreciation of version two onion services (v2) in favor of the more secure version three onion services (v3).

By October 16, 2021, the short onion services will no longer functionally exist.

The Tor Project is forcing the transition from v2 onion services to onion services for the sole purpose of safety, according to a tor talk message from David Goulet:

Onion service v2 uses RSA1024 and 80 bit SHA1 (truncated) addresses. It also still uses the TAP handshake which has been entirely removed from Tor for many years now except v2 services. Its simplistic directory system poses to a variety of enumeration and location-prediction attacks that give HSDir relays too much power to enumerate or even block v2 services.

Finally, v2 services are not being developed nor maintained anymore. Only the most severe security issues are being addressed.

As described in the Tor Project’s blog post, onion service operators have had years to transition their users and infrastructure to v3 onion services. The Tor Project does anticipate difficulties though.

Article Categories:
Anonymity & Privacy
Security Land

Security Land is not just an website - it's a collective intelligence of cybersecurity enthusiasts, experts, and analysts.

    Leave a Reply