- Tor abandons tor1 in favor of a more powerful, research-based relay encryption system
- CGO introduces modern protections that block network-wide tagging attacks
- Wide block encryption makes modified cells unrecoverable and stops predictable interception attempts
Tor has introduced a new relay encryption system called Counter Galois Onion (CGO) to replace the old tor1 algorithm.
The change is intended to make the network more resilient against modern interception techniques that could compromise user privacy.
CGO is based on a robust pseudo-random permutation called UIV+, designed by cryptography researchers to meet rigorous security requirements.
Addressing vulnerabilities in tor1
Tor reports that this system has been verified for tagging resistance, forward secrecy, longer authentication tags, and efficient operation without adding significant bandwidth overhead.
The previous tor1 relay encryption had multiple weaknesses by modern standards. Primarily, it relied on AES-CTR encryption without hop-by-hop authentication, which allowed a potential adversary controlling relays to modify traffic in a predictable way, creating opportunities for tagging attacks.
It also reused AES keys across an entire circuit, offering only partial forward secrecy, and used a 4-byte SHA-1 digest for authentication, leaving a small chance for a spoofed cell to go undetected.
Tor maintains that while only the first issue is critical, all three represent areas that require improvement as cryptography standards evolve.
CGO introduces wide block encryption and tag chaining, making modified cells and future traffic unrecoverable, effectively blocking tagging attacks.
The keys are updated after each cell to prevent decryption of previous traffic even if the current keys are exposed.
SHA-1 has been completely removed and replaced with a 16-byte authenticator, improving overall security.
Circuit integrity is strengthened by chaining encrypted tags and nonces between cells, making any tampering immediately detectable.
Tor emphasizes that these measures address previous weaknesses while maintaining reasonable performance.
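The difference between the two designs can be seen in a small added example, which is not code from Tor or from this article. It uses an HMAC-SHA256 keystream as a stand-in for AES-CTR and a toy four-round Feistel network as a stand-in for a wide-block cipher (it is not CGO or UIV+); the key, cell contents and 64-byte cell size are constructed for illustration.

```python
import hashlib
import hmac

def prf(key, label, data, n):
    # HMAC-SHA256 expanded to n bytes; stand-in for the AES-based primitives.
    blocks = (hmac.new(key, label + bytes([i]) + data, hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_crypt(key, cell):
    # Stream-cipher layer (encrypt == decrypt), the shape of tor1's AES-CTR.
    return xor(cell, prf(key, b"ctr", b"", len(cell)))

def wide_encrypt(key, cell):
    # Toy wide-block permutation: 4-round Feistel across the whole cell.
    h = len(cell) // 2
    left, right = cell[:h], cell[h:]
    for r in range(4):
        left, right = right, xor(left, prf(key, b"round%d" % r, right, h))
    return left + right

def wide_decrypt(key, cell):
    # Inverse of wide_encrypt: undo the rounds in reverse order.
    h = len(cell) // 2
    left, right = cell[:h], cell[h:]
    for r in reversed(range(4)):
        left, right = xor(right, prf(key, b"round%d" % r, left, h)), left
    return left + right

def tamper(encrypt, decrypt, key, cell, delta):
    # XOR delta into the ciphertext in transit, then decrypt as the next hop would.
    out = decrypt(key, xor(encrypt(key, cell), delta))
    return out, sum(a != b for a, b in zip(out, cell))

# Constructed sample values, not real Tor cell sizes or keys.
KEY = bytes(range(32))
CELL = b"constructed relay cell payload".ljust(64, b"\x00")
DELTA = bytes(5) + b"\x01" + bytes(58)

if __name__ == "__main__":
    out, changed = tamper(ctr_crypt, ctr_crypt, KEY, CELL, DELTA)
    print("CTR:  bytes changed =", changed, "| change equals delta:", out == xor(CELL, DELTA))
    out, changed = tamper(wide_encrypt, wide_decrypt, KEY, CELL, DELTA)
    print("wide: bytes changed =", changed, "of", len(CELL))
```

With the stream-cipher layer, the modification survives decryption as exactly the same one-byte difference, which is the predictable change a tagging attack relies on. With the wide-block layer, the same modification garbles the whole cell, so nothing recognisable reaches the other end.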
The CGO system is being integrated into both the C Tor implementation and the Rust-based Arti client.
The feature is currently experimental and additional work is planned for onion service negotiation and performance optimization.
Tor Browser users do not need to take any action to benefit from CGO, as the update will be applied automatically once the system is fully deployed.
A timeline for when CGO will become the default encryption method has not yet been announced.
Via BleepingComputer