For long-time users of Tor, the days of shorter onion addresses are a distant memory. The shift to the current Onion V3 addresses marked a significant change in the Tor network's evolution. But why did this transformation occur, and what are the technical details behind it? In this article, we’ll take a journey through the history and timeline of onion addresses, exploring how they’ve evolved to improve security and functionality.
Onion V1 and V2 Addresses
The distinctive 16-character length of Onion V1 and V2 addresses came from their use of RSA1024. Despite using the same cryptography, Onion V1 was very different from V2. V2 introduced introduction points and rendezvous points, which act like tunnels between the client and the server.
Introduction points are nodes chosen by the hidden service to act as entry tunnels, allowing clients to securely connect to the hidden service without knowing its actual location. Rendezvous points are random nodes where the client and the hidden service meet, allowing them to communicate securely through that node while ensuring neither party knows the other's location.
Service descriptors are signed files containing a hidden service’s public key, introduction points, and other metadata, stored across Tor's distributed directory system. They enable clients to find and connect to hidden services without revealing any identifiable information like IP addresses. Clients retrieve these descriptors using the .onion address, derived from the service's public key.
Version 2 introduced several cryptographic upgrades, but diving into all of them would take us off track. The two mentioned above are considered the most significant.
Short Addresses
Some may long for the days of the old Onion V2 addresses—the convenience of typing "dreadditevelidot.onion" by hand to access Dread, or easily remembering other services. The shift to Onion V3 addresses was finalized by mid-2021. The Onion V3 protocol, with its longer addresses, brought a significant security boost, especially for the future.
Onion V3: The Big Change
Version 3 addresses improve security by replacing RSA1024 with the Ed25519 elliptic curve cryptography standard. This shift increases the cryptographic strength of the .onion address, making it far more resistant to brute-force address hijack attacks due to the larger key size and the complexity of elliptic curve mathematics.
As a result, Onion V3 addresses are 56 characters long, compared to the 16-character addresses in Onion V2, because Ed25519 keys require more space to encode. The change not only makes it significantly harder for attackers to guess or hijack an address but also future-proofs the system against potential quantum computing threats, as Ed25519 is more resilient to quantum-based cryptographic attacks than RSA1024.
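To make the 16-versus-56-character difference concrete, the following added example (not code from this article or from the Tor Project) builds both address types the way Tor's rendezvous specifications define them: a V2 address is the base32 encoding of the first 80 bits of a SHA-1 hash of the RSA key, while a V3 address encodes the full 32-byte Ed25519 public key plus a 2-byte checksum and a version byte. The key bytes used here are constructed placeholders, not real service keys.

```python
import base64
import hashlib

CHECKSUM_PREFIX = b".onion checksum"
V3_VERSION = b"\x03"

def v2_address(der_public_key: bytes) -> str:
    """V2: base32 of the first 10 bytes (80 bits) of SHA-1 over the DER-encoded RSA key."""
    digest = hashlib.sha1(der_public_key).digest()
    return base64.b32encode(digest[:10]).decode().lower() + ".onion"

def v3_checksum(pubkey: bytes) -> bytes:
    """First 2 bytes of SHA3-256(".onion checksum" || pubkey || version)."""
    return hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + V3_VERSION).digest()[:2]

def v3_address(pubkey: bytes) -> str:
    """V3: base32 of pubkey (32) || checksum (2) || version (1) = 35 bytes = 56 chars."""
    if len(pubkey) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    raw = pubkey + v3_checksum(pubkey) + V3_VERSION
    return base64.b32encode(raw).decode().lower() + ".onion"

def parse_v3_address(address: str) -> bytes:
    """Return the embedded public key; raise ValueError on a malformed address."""
    label = address.lower()
    if label.endswith(".onion"):
        label = label[: -len(".onion")]
    if len(label) != 56:
        raise ValueError("v3 label must be 56 base32 characters")
    # b32decode raises binascii.Error (a ValueError subclass) on bad characters.
    raw = base64.b32decode(label, casefold=True)
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != V3_VERSION:
        raise ValueError("unexpected version byte")
    if checksum != v3_checksum(pubkey):
        raise ValueError("checksum mismatch (typo or altered address)")
    return pubkey

if __name__ == "__main__":
    # Constructed placeholder inputs, not real keys.
    fake_rsa_der = b"constructed stand-in for a DER-encoded RSA-1024 key"
    fake_ed25519 = bytes(range(32))
    print("v2:", v2_address(fake_rsa_der))
    addr = v3_address(fake_ed25519)
    print("v3:", addr)
    print("embedded key recovered:", parse_v3_address(addr) == fake_ed25519)
```

Because the V3 address carries the whole public key and a checksum, a client can detect a mistyped address locally before contacting the network, which the truncated-hash V2 format could not do.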
Conclusion
This is a classic case of every upside having a downside. While Tor addresses have been significantly hardened, the trade-off is that addresses are now much longer and, frankly, less appealing. They're nearly impossible to remember unless you’re a genius, but given the major security enhancements, it's a trade-off we can’t really complain about.


