Renowned for its anonymity, the Tor browser team is striving for the pinnacle in the pursuit of encryption keys that are difficult to crack. To generate such keys, it is necessary to innovate and upgrade the random algorithms. For those unfamiliar with encryption keys and random algorithms, let’s first review these two concepts.
A key is a parameter that is input data in the algorithm that converts plaintext to ciphertext or vice versa. An encryption algorithm is the transformation function that converts plaintext into ciphertext. A random encryption algorithm uses a random function generator, producing different outputs for different inputs in various runs.
In early June, Tor released version 6.5a1, which includes an enhanced version featuring a new random algorithm called Selfrando. Recently, researchers from the University of California, Irvine published a detailed paper on this technology, defining the new algorithm as follows:
This is an enhanced, practical random loading time technology. Simply put, this technology is better at preventing hackers from de-anonymizing Tor users.
The Tor team and researchers from the University of California have invested significant effort in collaborating to develop Selfrando, aiming to replace traditional address space random loading techniques.
The address space random loading technique allows code to transform within its running memory, while Selfrando works by separating different functional codes and randomly distributing their memory addresses.
If an attacker cannot accurately guess the memory address where each code executes, they cannot exploit vulnerabilities present in memory, thus preventing the Tor browser from running their malicious code, which better protects users’ personal information.
All binary files in Selfrando are built on the same hard disk and will only be randomly distributed once loaded into main memory.
Randomly distributing code in memory may sound like it would slow down execution, but this is not the case. Researchers state that the Tor enhanced version with Selfrando technology increases runtime by less than 1% based on benchmark tests.
Moreover, the Selfrando technology does not require developers to make significant changes to existing code.Researchers say,
Using Selfrando does not require changes to build tools or running processes. In most cases, implementing Selfrando is as simple as adding a new compiler and linker option to the existing build script.
Tor has always been a thorn in the side of the FBI. The FBI has tirelessly researched how to break Tor, even spending money to hire teams to help identify the true identities of Tor users. It is well-known that Tor is used in many notorious industries, such as illegal trading websites (Silk Road) and pornographic portals. Therefore, the FBI’s tracking of Tor users is often seen as justified.
However, anonymity is innocent, and no one knows if the information the FBI obtains is used for other purposes. Furthermore, the FBI’s efforts to crack Tor user information pose a threat to personal privacy and the Tor project and its team. This comprehensive upgrade is primarily aimed at countering the FBI’s relentless pursuit. Last year, the FBI managed to extract some exploitable vulnerabilities from Firefox and Tor third-party services, but now they will be left far behind.
宅客『Letshome』
雷锋网旗下业界报道公众号。
Focusing on cutting-edge technology, telling the stories behind hackers.
Click to read the original text, and let’s discuss the stories of the top 100 hackers.
