Article 71TH2 Tor Switches to New Counter Galois Onion Relay Encryption Algorithm

by janrinok from SoylentNews on (#71TH2)

An Anonymous Coward writes:

https://www.bleepingcomputer.com/news/security/tor-switches-to-new-counter-galois-onion-relay-encryption-algorithm/

Tor has announced improved encryption and security for circuit traffic, replacing the old tor1 relay encryption algorithm with a new design called Counter Galois Onion (CGO).

One reason behind this decision is to make the network more resilient against modern traffic-interception attacks that could compromise data security and undermine Tor user anonymity.

The Tor network is a global system consisting of thousands of relays that create a circuit for data packets to travel to their destination through three relays (entry, middle, and exit), each hop adding a layer of encryption (onion routing).

Users of the Tor Browser, a hardened version of Firefox built for browsing the Tor network, benefit from this onion routing to communicate privately, share or access information anonymously, bypass censorship, and evade ISP-level tracking.

Typically, Tor is used by dissidents, activists, whistleblowers, journalists, researchers, and generally privacy-conscious people, including cybercriminals looking to access darknet markets.

As the Tor team explains in an announcement, tor1 was developed at a time when cryptography was far less advanced than today, and the standards have improved significantly since then.

One issue with the tor1 design is that it uses AES-CTR encryption without hop-by-hop authentication, which leads to malleable relay encryption. This means that an adversary could modify traffic between relays they control and observe predictable changes. This is a tagging attack, which is part of the internal covert channel class of attacks.
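The malleability described above, as an added example that is not code from the Tor Project or the original article: in a three-layer counter-mode onion, a change made after the first hop survives the remaining layers unchanged, while a per-hop integrity tag lets the next relay reject it. The SHA-256 keystream stands in for AES-CTR, the HMAC check is a generic illustration and not CGO's construction, and all keys and the cell are constructed.

```python
import hashlib
import hmac

def keystream(key: bytes, n: int) -> bytes:
    # Stand-in for AES-CTR (assumption, stdlib only): SHA-256(key || counter) blocks.
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def layer(key: bytes, data: bytes) -> bytes:
    # Counter-mode layer: adding and removing it are the same XOR.
    return xor(data, keystream(key, len(data)))

def hop_mac(key: bytes, data: bytes) -> bytes:
    # Generic per-hop integrity tag for illustration; not how CGO works.
    return hmac.new(key, data, hashlib.sha256).digest()

def run_demo() -> dict:
    keys = [b"entry-key", b"middle-key", b"exit-key"]   # constructed
    link_mac_key = b"entry-to-middle-mac-key"            # constructed
    cell = b"constructed relay cell payload!!"           # constructed
    wire = cell
    for k in reversed(keys):           # client wraps the exit layer first
        wire = layer(k, wire)
    sent = layer(keys[0], wire)        # entry relay removes its layer
    mac = hop_mac(link_mac_key, sent)  # tag an authenticated hop would attach
    pattern = b"\xff\xff\xff\xff" + bytes(len(cell) - 4)
    modified = xor(sent, pattern)      # in-flight change before the middle relay
    at_exit = layer(keys[2], layer(keys[1], modified))
    return {
        # Without hop authentication the change passes through both layers intact.
        "difference_at_exit": xor(at_exit, cell),
        "pattern": pattern,
        # With a hop MAC, the middle relay can reject the altered cell.
        "middle_accepts_original": hmac.compare_digest(hop_mac(link_mac_key, sent), mac),
        "middle_accepts_modified": hmac.compare_digest(hop_mac(link_mac_key, modified), mac),
    }

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```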

Another problem is that tor1 offers only partial forward secrecy: it reuses the same AES keys throughout a circuit's lifetime, enabling decryption in the event of key theft.

A third security concern is that tor1 uses a 4-byte SHA-1 digest for cell authentication, giving attackers a one-in-4-billion chance of forging a cell without being detected.

The Tor Project notes that, of the issues listed, only the first is the more severe one, and the last two were mentioned "for the sake of completeness."
