- Tor dumps tor1 and moves to a stronger, research-driven relay encryption system
- CGO introduces modern protection that blocks tagging attacks across the network
- Wide-block encryption makes modified cells unrecoverable and stops predictable eavesdropping attempts
Tor has introduced a new relay encryption system called Counter Galois Onion (CGO) to replace the older tor1 algorithm.
The change aims to make the network more resilient to modern eavesdropping techniques that could compromise users’ privacy.
CGO is built on a Rugged Pseudorandom Permutation called UIV+, designed by cryptography researchers to meet strict security requirements.
Addressing vulnerabilities in tor1
Tor reports that this system has been verified for tagging resistance, forward secrecy, longer authentication tags, and efficient operation without adding significant bandwidth.
The previous tor1 relay encryption had several weaknesses by modern standards. Chief among them, it relied on AES-CTR encryption without hop-by-hop authentication, so an adversary controlling relays could alter traffic in predictable ways, creating opportunities for tagging attacks.
It also reused the same AES keys throughout the life of a circuit, offering only partial forward secrecy, and used a 4-byte SHA-1 digest for authentication, leaving a small chance that a spoofed cell could go undetected.
Tor maintains that while only the first issue is critical, all three represent areas that require improvement as cryptography standards evolve.
CGO introduces wide-block encryption and tag chaining, which make modified cells and future traffic unrecoverable, effectively blocking tagging attacks.
The keys are updated after each cell to prevent decryption of previous traffic even if current keys are revealed.
SHA-1 has been removed entirely and replaced with a 16-byte authentication tag, improving overall security.
Circuit integrity is strengthened by chaining encrypted tags and nonces across cells, making any tampering immediately apparent.
Tor emphasizes that these measures address previous weaknesses while maintaining reasonable performance.
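The difference between the two designs can be shown in a few lines. The following is an added example, not code from Tor or from this article: it contrasts an unauthenticated stream-cipher layer, where a flipped ciphertext bit flips exactly the same plaintext bit, with a wide-block layer, where the same flip garbles the whole cell. It assumes a SHA-256 counter keystream as a stand-in for AES-CTR and a toy 4-round Feistel network as a stand-in for UIV+; all function names, the key and the 64-byte cell are constructed for the illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"                 # constructed sample key
CELL = b"GET /index.html".ljust(64, b"\x00")  # constructed 64-byte "cell"

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key: bytes, n: int) -> bytes:
    """Counter-mode keystream. SHA-256 stands in for AES (assumption)."""
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def ctr_crypt(key: bytes, data: bytes) -> bytes:
    """tor1-style layer: unauthenticated stream cipher (same op both ways)."""
    return xor(data, keystream(key, len(data)))

def round_fn(key: bytes, i: int, half: bytes) -> bytes:
    seed = hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()
    return keystream(seed, len(half))

def wide_encrypt(key: bytes, cell: bytes) -> bytes:
    """Toy wide-block cipher: 4-round Feistel over the whole cell (not UIV+)."""
    h = len(cell) // 2  # cell length must be even
    left, right = cell[:h], cell[h:]
    for i in range(4):
        left, right = right, xor(left, round_fn(key, i, right))
    return left + right

def wide_decrypt(key: bytes, cell: bytes) -> bytes:
    h = len(cell) // 2
    left, right = cell[:h], cell[h:]
    for i in reversed(range(4)):
        left, right = xor(right, round_fn(key, i, left)), left
    return left + right

def tamper_diff(enc, dec, key: bytes, cell: bytes, pos: int) -> list:
    """Flip one ciphertext bit at byte `pos`; return plaintext offsets that change."""
    ct = bytearray(enc(key, cell))
    ct[pos] ^= 0x01
    pt = dec(key, bytes(ct))
    return [i for i, (a, b) in enumerate(zip(cell, pt)) if a != b]

if __name__ == "__main__":
    print("stream cipher:", tamper_diff(ctr_crypt, ctr_crypt, KEY, CELL, 10))
    print("wide block   :", len(tamper_diff(wide_encrypt, wide_decrypt, KEY, CELL, 10)),
          "of", len(CELL), "bytes changed")
```

In the stream-cipher case the change stays confined to the byte that was touched, which is what makes the modification recognizable further along the circuit; in the wide-block case the cell decrypts to noise, so nothing predictable survives.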
The CGO system will be integrated into both the C Tor implementation and the Rust-based Arti client.
The feature is currently experimental, with further work planned for onion service negotiation and performance optimization.
Tor Browser users do not need to take any action to take advantage of CGO, as the update will apply automatically once the system is fully implemented.
A timeline for when CGO will become the default encryption method has not yet been announced.
Via BleepingComputer