- Tor abandons tor1 and moves to a more powerful, research-focused relay encryption system
- CGO introduces modern protections that block network tagging attacks
- Wide-block encryption makes modified cells unrecoverable and stops predictable interception attempts
Tor has introduced a new relay encryption system called Counter Galois Onion (CGO) to replace the old tor1 algorithm.
The change aims to make the network more resistant to modern interception techniques that could compromise user privacy.
CGO is built on a Rugged Pseudorandom Permutation construction called UIV+, designed by cryptography researchers to meet rigorous security requirements.
Fix tor1 vulnerabilities
Tor reports that this system has been verified for tagging resistance, forward secrecy, longer authentication tags, and efficient operation without adding significant bandwidth overhead.
The previous tor1 relay encryption had multiple weaknesses by modern standards. Chief among them, it relied on AES-CTR encryption without hop-by-hop authentication, so a potential adversary controlling relays could modify traffic in predictable ways, creating opportunities for a tagging attack.
It also reused AES keys throughout a circuit, providing only partial forward secrecy, and used a 4-byte SHA-1 digest for authentication, leaving a small chance that a tampered cell could go unnoticed.
Tor maintains that while only the first issue is critical, all three represent areas requiring improvement as cryptographic standards evolve.
CGO introduces wide-block encryption and tag chaining, which make modified cells and future traffic unrecoverable, effectively blocking tagging attacks.
Keys are updated after each cell to prevent decryption of past traffic even if current keys are exposed.
SHA-1 has been removed entirely and replaced with a 16-byte authenticator, improving overall security.
Circuit integrity is enhanced by chaining encrypted tags and nonces between cells, making any tampering immediately detectable.
Tor emphasizes that these measures address previous weaknesses while maintaining reasonable performance.
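To make the difference concrete, the following added example (not code from Tor, Arti or the original article) pushes one cell through three layers twice: once with a CTR-style XOR layer, once with a wide-block permutation. The SHAKE-256 keystream stands in for AES-CTR, the 4-round Feistel is a toy stand-in for UIV+, and all names, keys and the 64-byte cell are constructed for illustration.

```python
import hashlib

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def stream_layer(key, cell):
    # XOR with a keystream, as a CTR-mode layer does; stand-in for tor1's AES-CTR.
    return xor(cell, hashlib.shake_256(b"ctr" + key).digest(len(cell)))

def _f(key, rnd, half):
    return hashlib.shake_256(key + bytes([rnd]) + half).digest(len(half))

def wide_encrypt(key, cell):
    # Toy 4-round Feistel over the whole cell: NOT UIV+, only a wide-block stand-in.
    h = len(cell) // 2
    left, right = cell[:h], cell[h:]
    for rnd in range(4):
        left, right = right, xor(left, _f(key, rnd, right))
    return left + right

def wide_decrypt(key, cell):
    h = len(cell) // 2
    left, right = cell[:h], cell[h:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _f(key, rnd, left)), left
    return left + right

def last_hop_view(add_layer, peel_layer, keys, cell, delta):
    # Client wraps one layer per hop; `delta` is XORed in after the first hop
    # peels its layer (an in-transit modification); later hops peel theirs.
    for k in reversed(keys):
        cell = add_layer(k, cell)
    cell = xor(peel_layer(keys[0], cell), delta)
    for k in keys[1:]:
        cell = peel_layer(k, cell)
    return cell

# Constructed sample data: three hop keys, one 64-byte cell, a one-bit change.
KEYS = [hashlib.sha256(b"constructed hop key %d" % i).digest() for i in range(3)]
CELL = b"constructed relay cell payload".ljust(64, b"\0")
DELTA = b"\x01" + bytes(63)

def demo():
    ctr = last_hop_view(stream_layer, stream_layer, KEYS, CELL, DELTA)
    wide = last_hop_view(wide_encrypt, wide_decrypt, KEYS, CELL, DELTA)
    return xor(ctr, CELL) == DELTA, sum(bin(x ^ y).count("1") for x, y in zip(wide, CELL))

if __name__ == "__main__":
    print("CTR change survives intact: %s; wide-block bits changed: %d/512" % demo())
```

With the XOR layers the one-bit change arrives at the last hop exactly as it was made, which is the recognisable mark a tagging attack relies on; with the wide-block layers the same change scrambles roughly half the bits of the cell, so nothing recognisable survives.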
The CGO system is being integrated into both the C Tor implementation and the Rust-based Arti client.
The feature is currently experimental, with additional work planned for Onion service negotiation and performance optimization.
Tor Browser users do not need to take any action to benefit from CGO, as the update will apply automatically once the system is fully deployed.
The timeline for when CGO will become the default encryption method has not yet been announced.
Via BleepingComputer