- Tor is retiring tor1 and moving to a more robust, research-based relay encryption system.
- CGO introduces state-of-the-art defenses that block online tagging attacks.
- Wide-block encryption makes tampered cells unrecoverable and stops predictable eavesdropping attempts.
Tor has introduced a new relay encryption system called Counter Galois Onion (CGO), which replaces the older tor1 algorithm.
This change is intended to make the network more resistant to modern interception techniques that could compromise user privacy.
CGO is built on a robust pseudo-random permutation called UIV+, developed by cryptography researchers to meet stringent security requirements.
Fixing vulnerabilities in tor1
Tor says the system has been tested for tagging resistance, forward secrecy, longer authentication tags, and efficient operation without significantly affecting throughput.
The previous tor1 relay encryption had several flaws by modern standards. Chief among them, it relied on AES-CTR encryption without hop-by-hop authentication, which allowed an attacker operating relays to alter traffic in predictable ways, opening the door to tagging attacks.
It also reused the same AES keys throughout a circuit, providing only partial forward secrecy, and used a 4-byte SHA-1 digest for authentication, which left a small chance that a forged cell could go undetected.
Tor argues that while only the first issue is critical, all three are areas for improvement as cryptography standards evolve.
CGO introduces wide-block encryption and tag chaining, which make a modified cell and all subsequent traffic unrecoverable, effectively blocking tagging attacks.
The keys are updated after each cell to prevent past traffic from being decrypted even if the current keys are revealed.
SHA-1 has been completely removed and replaced with a 16-byte authenticator, improving overall security.
Circuit integrity is enhanced by combining encrypted tags and nonces between cells, allowing any tampering to be immediately detected.
Tor emphasizes that these measures address previous shortcomings while maintaining acceptable performance.
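To illustrate the difference described above between counter-mode relay encryption and wide-block encryption, here is an added example (not code from Tor, Arti or the original article). It uses a SHA-256 keystream as a stand-in for AES-CTR and a toy 4-round Feistel network as a stand-in for a wide-block cipher; it is not UIV+ or CGO, and the 512-byte cell size and all function names are assumptions.

```python
import hashlib
import hmac

CELL_LEN = 512  # constructed, even-length cell for this demo; not Tor's real layout

def keystream(key: bytes, n: int) -> bytes:
    """SHA-256 in counter mode: a stdlib stand-in for an AES-CTR keystream."""
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_crypt(key: bytes, data: bytes) -> bytes:
    """Stream cipher: encryption and decryption are the same XOR."""
    return xor(data, keystream(key, len(data)))

def _f(key: bytes, i: int, half: bytes) -> bytes:
    """Keyed round function whose output depends on every byte of `half`."""
    seed = hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()
    return keystream(seed, len(half))

def wide_encrypt(key: bytes, cell: bytes) -> bytes:
    """Toy wide-block cipher: 4-round Feistel over the whole cell (not UIV+)."""
    h = len(cell) // 2
    left, right = cell[:h], cell[h:]
    for i in range(4):
        left, right = right, xor(left, _f(key, i, right))
    return left + right

def wide_decrypt(key: bytes, cell: bytes) -> bytes:
    h = len(cell) // 2
    left, right = cell[:h], cell[h:]
    for i in reversed(range(4)):
        left, right = xor(right, _f(key, i, left)), left
    return left + right

def damage_after_bit_flip(key: bytes, cell: bytes) -> tuple[int, int]:
    """Plaintext bytes that differ after one ciphertext bit is changed in transit."""
    flip = b"\x01" + bytes(len(cell) - 1)
    ctr_plain = ctr_crypt(key, xor(ctr_crypt(key, cell), flip))
    wide_plain = wide_decrypt(key, xor(wide_encrypt(key, cell), flip))
    count = lambda p: sum(a != b for a, b in zip(cell, p))
    return count(ctr_plain), count(wide_plain)

if __name__ == "__main__":
    key = bytes(range(32))  # constructed demo key
    cell = b"constructed relay cell body".ljust(CELL_LEN, b"\x00")
    print(damage_after_bit_flip(key, cell))
```

In the counter-mode path the change stays confined to the single byte that was modified, while in the wide-block path nearly every byte of the cell differs, which is why a modified cell becomes unrecoverable instead of predictably altered.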
The CGO system integrates into both the C Tor implementation and the Rust-based Arti client.
This feature is currently experimental, with more work planned to align onion services and optimize performance.
Tor Browser users do not need to take any action to take advantage of CGO as the update will be applied automatically once the system is fully deployed.
A timeline for when CGO will become the default encryption method has not yet been announced.
Via BleepingComputer