Tor Moves to Cut Guard-Capture Attacks

Friday, April 28, 2017 @ 03:04 PM gHale


The Tor Project said Tor 0.3.0 is now the new stable series of the open-source software designed to prevent government agencies from learning location or Internet browsing habits.

In development for the past several months, Tor 0.3.0.6 is now the latest stable version of the software. The top new feature is the guard selection algorithm to better resist guard-capture attacks by hostile local networks.

RELATED STORIES
Security Updates for Tor Browser
Chrome Updated with Security Fixes
Firefox Zero Day Mitigated
Tor Browser 6.5 Update Releases

The Tor 0.3.0 stable series also deprecates the use of old RSA1024 keys for relays and clients, which now make use of Ed25519 keys to authenticate their link connections to relays. As such, the default for AuthDirPinKeys is now 1, and it looks like circuit crypto has been Curve25519-authenticated.

“By default, this is controlled by a consensus parameter, currently disabled. You can turn this feature on for testing by setting ExtendByEd25519ID in your configuration. This might make your traffic appear different than the traffic generated by other users, however,” said Tor officials in a blog post.

Tor 0.3.0 lays more groundwork for the upcoming next-generation hidden services by enabling handling of ESTABLISH_INTRO v3 cells, along with support for the HSDir version 3 protocol for all Tor relays, allowing storing and serving of version 3 descriptors.

Among other features in Tor 0.3.0.6, is it can better resist DNS-based correlation attacks, such as the DefecTor attack of Greschbach, Pulls, Roberts, Winter, and Feamster, by changing the algorithm used for determining DNS TTLs on server and client side.

IPv6 traffic is now enabled by default on SocksPort, a “check_existing” mode was injected into the updateFallbackDirs.py script for checking if fallbacks in the hard-coded list work correctly or not, and Tor replays now support a broader range of ciphersuites, including AES-CCM and chacha20-poly1305.

Two OutboundBindAddressOR and OutboundBindAddressExit options are now used to allow separation of exit and relay traffic to different source IP addresses, the smartlist_add(sl, tor_strdup(str)) function was replaced by smartlist_add_strdup(), and the length of RSA keys used for TLS link authentication was extended to 2048 bits.



Leave a Reply

You must be logged in to post a comment.