A group of Tor developers is improving the Onion routing protocol by developing its own random number generator, to make anonymous communications sent over Tor harder to crack.
The Tor anonymity network (named after The Onion Router project) consists of software that anonymises and redirects internet traffic through a worldwide network of relays, run by volunteers who set up their computers as Tor exit nodes, in order to offer at least three layers of encryption, so that the source and the final destination of the Tor path are completely anonymised.
The network is used both by people who have privacy concerns and don't want governments and internet service providers (ISPs) to be able to spy on their activities online, and by others who have nefarious purposes in mind, for example people who want to obtain firearms, narcotics and counterfeit goods from secret underground marketplaces on the Dark Web.
The Tor network uses RSA encryption to encrypt the data sent over it. This method requires the factoring of large integers from two prime numbers to produce two mathematically-linked keys, a public key and a private key, which are needed to decrypt messages.
The private key is kept secret and needs to be generated from a source of randomness to keep the message secure. However, it is difficult to develop "truly random" numbers using current methods as algorithms eventually cause sequences of numbers to repeat themselves, and computers tend to follow instructions blindly and so are completely predictable.
Updated Onion protocol will feature 55-character onion addresses
At a recent hackathon in Montreal, Canada, a group of Tor developers decided to design a system that enabled random number generation on the Tor network. To that end, they came up with a distributed random number generator that gets multiple computers to create random numbers and then blends the outputs together to create one single random number.
According to the Tor Project, this single random number cannot be predicted in advance, not even by the developers themselves, and the system will be used in the new version of the Onion protocol in order to make Tor communications more secure.
"Tor developers finished implementing the protocol several months ago, and since then we've been reviewing, auditing, and testing the code," the Tor Project wrote in a blog post.
"As far as we know, a distributed random generation system like this has never been deployed before on the Internet. It's a complex system with multiple protocol phases that involves many computers working together in perfect synergy."
The Tor Project says that it tested out the souped-up Onion protocol using a mini Tor network of 11 nodes in different countries, and found that the system can survive any network failures happening on the real internet.
"For example, we instructed our testing Tor nodes to abort at crucial protocol moments, and come back in the worst time possible ways, just to stress test the system. We had our nodes run ancient Tor versions, perform random chaotic behaviours, disappear and never come back," the developers said.
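The blending of several computers' random values described above, including nodes that drop out or misbehave mid-protocol, can be sketched as a commit-then-reveal round. This is an added example, not Tor's code: the article does not describe the protocol's phases, so the two-phase structure, the use of SHA3-256, the node names and the sample values are all assumptions.

```python
import hashlib
import hmac
import secrets

def commit(value: bytes) -> bytes:
    """Phase 1: a node publishes only this hash, binding it to `value`."""
    return hashlib.sha3_256(b"commit:" + value).digest()

def combine(commits: dict[str, bytes], reveals: dict[str, bytes]) -> tuple[bytes, list[str]]:
    """Phase 2: blend every revealed value that matches its commitment.

    Returns the shared random value and the node ids that contributed.
    """
    blend = hashlib.sha3_256(b"shared-random:")
    used = []
    for node in sorted(commits):              # fixed order so all parties agree
        value = reveals.get(node)
        if value is None:                     # node disappeared after committing
            continue
        if not hmac.compare_digest(commit(value), commits[node]):
            continue                          # reveal differs from commitment
        # Hash each contribution to a fixed length so inputs cannot run together.
        blend.update(hashlib.sha3_256(node.encode() + b":" + value).digest())
        used.append(node)
    if not used:
        raise ValueError("no valid reveals; no shared value this round")
    return blend.digest(), used

def demo_round() -> tuple[bytes, list[str]]:
    """Constructed run: 11 hypothetical nodes, one vanishes, one changes its value."""
    values = {f"node{i:02d}": secrets.token_bytes(32) for i in range(11)}
    commits = {n: commit(v) for n, v in values.items()}
    reveals = dict(values)
    del reveals["node03"]                         # never comes back
    reveals["node07"] = secrets.token_bytes(32)   # swaps its value after committing
    return combine(commits, reveals)

if __name__ == "__main__":
    shared, used = demo_round()
    print(shared.hex(), len(used), "of 11 nodes contributed")
```

Because each node is bound by its commitment before any value is revealed, no single node can pick its contribution after seeing the others. A node can still choose to withhold its reveal, which is a known limit of commit-then-reveal schemes.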
Although there is no confirmation about when it will be released, the next generation of Tor will also feature 55-character-long onion addresses, rather than the 16-character-long addresses used at the moment.