14 DAY TRIAL // The Tor Project has announced that Tor 0.3.0 is now officially the new stable series of the free and open-source software project designed to prevent government agencies from learning your location or Internet browsing habits.
After being in development for the past several months, TOR 0.3.0.6 is now the latest stable version of the software, introducing a bunch of new features and improvements. The most prominent one being the revamp of the guard selection algorithm to better resist guard-capture attacks by hostile local networks.
The Tor 0.3.0 stable series also deprecates the use of old RSA1024 keys for both relays and clients, which now make use of Ed25519 keys to authenticate their link connections to relays. As such, the default for AuthDirPinKeys is now 1, and it looks like circuit crypto has been Curve25519-authenticated.
"By default, this is controlled by a consensus parameter, currently disabled. You can turn this feature on for testing by setting ExtendByEd25519ID in your configuration. This might make your traffic appear different than the traffic generated by other users, however," reads the release announcement.
Moreover, Tor 0.3.0 lays more groundwork for the upcoming next-generation hidden services by enabling handling of ESTABLISH_INTRO v3 cells, along with support for the HSDir version 3 protocol for all Tor relays, allowing storing and serving of version 3 descriptors.
Tor 0.3.0 stable series to be supported for nine months
Among other noteworthy features implemented in Tor 0.3.0.6, we can mention better resist DNS-based correlation attacks, such as the DefecTor attack of Greschbach, Pulls, Roberts, Winter, and Feamster, by changing the algorithm used for determining DNS TTLs on both server and client side.
IPv6 traffic is now enabled by default on SocksPort, a "check_existing" mode was injected into the updateFallbackDirs.py script for checking if fallbacks in the hard-coded list work correctly or not, and Tor replays now support a broader range of ciphersuites, including AES-CCM and chacha20-poly1305.
A list of ciphersuites that are closer to the ones preferred by the Mozilla Firefox is now advertised by Tor clients, a new protocol version for proposal 224 has been added, and it looks like descriptors that claim to be malformed versions of Tor are now automatically rejected by directory authorities.
Two OutboundBindAddressOR and OutboundBindAddressExit options are now used to allow separation of exit and relay traffic to different source IP addresses, the smartlist_add(sl, tor_strdup(str)) function was replaced by smartlist_add_strdup(), and the length of RSA keys used for TLS link authentication was extended to 2048 bits.
The geoip and geoip6 databases have been updated to the April 4, 2017, Maxmind GeoLite2 Country database. Tor 0.3.0 stable series will be supported for at least nine months starting today, or for three months after the release of the Tor 0.3.1 series. You can download the Tor 0.3.0.6 source tarball right now from our website.