by gzer0 1741 days ago
That's being quite unfair to the developers. The entire process has been public and announced well in advance.

You are welcome to download the Tor source code and add v2 functionality back in, and you’ll be able to visit sites hosted by people who have done the same. No one is stopping you.

To very quickly summarize why we are deprecating, in one word: Safety. Onion service v2 uses RSA1024 and 80 bit SHA1 (truncated) addresses [1]. It also still uses the TAP [2] handshake which has been entirely removed from Tor for many years now _except_ v2 services. Its simplistic directory system exposes it to a variety of enumeration and location-prediction attacks that give HSDir relays too much power to enumerate or even block v2 services. Finally, v2 services are not being developed nor maintained anymore. Only the most severe security issues are being addressed.

That being said, the deprecation timeline is now quite simple because v3 has reached a good maturity level:

  * v3 has been the default since Tor 0.3.5.1-alpha.
  * v3 has feature parity with v2.
  * v3 now has Onion Balance support [3].
  * Entire network supports v3 since the End-of-Life of 0.2.9.x series earlier
    this year.
1 comments

> [1] [2] [3]

Citation (literally) needed.
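
The two address formats contrasted in the first comment, shown as an added example (not code from the comment or from the Tor Project): a v2 address keeps only 80 bits of a SHA-1 digest, while a v3 address carries the full 32-byte ed25519 key plus a checksum and version byte, so a v3 hostname can be validated offline. The key bytes used here are constructed stand-ins, not real keys, and the function names are hypothetical.

```python
import base64
import hashlib

V3_VERSION = b"\x03"

def v2_address(der_public_key: bytes) -> str:
    """v2: base32 of the first 80 bits (10 bytes) of SHA-1 over the DER-encoded RSA key."""
    digest = hashlib.sha1(der_public_key).digest()[:10]
    return base64.b32encode(digest).decode().lower() + ".onion"

def v3_checksum(pubkey: bytes) -> bytes:
    """First 2 bytes of SHA3-256(".onion checksum" || pubkey || version)."""
    return hashlib.sha3_256(b".onion checksum" + pubkey + V3_VERSION).digest()[:2]

def v3_address(pubkey: bytes) -> str:
    """v3: base32(32-byte ed25519 key || 2-byte checksum || 1-byte version)."""
    raw = pubkey + v3_checksum(pubkey) + V3_VERSION
    return base64.b32encode(raw).decode().lower() + ".onion"

def classify(hostname: str) -> str:
    """Return 'v2' (deprecated), 'v3' (checksum and version verified) or 'invalid'."""
    host = hostname.strip().lower().rstrip(".")
    if not host.endswith(".onion"):
        return "invalid"
    # Only the label directly left of ".onion" is the address; ignore subdomains.
    label = host[: -len(".onion")].rsplit(".", 1)[-1]
    if len(label) not in (16, 56):
        return "invalid"
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:  # binascii.Error is a subclass of ValueError
        return "invalid"
    if len(label) == 16:
        return "v2"  # 10 bytes of truncated hash; nothing further to verify offline
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != V3_VERSION or checksum != v3_checksum(pubkey):
        return "invalid"
    return "v3"

if __name__ == "__main__":
    # Constructed inputs: placeholder bytes standing in for real keys.
    samples = [
        v2_address(b"constructed DER bytes"),
        v3_address(bytes(range(32))),
        "example.com",
    ]
    for name in samples:
        print(f"{classify(name):8} {name}")
```

Running a list of configured or logged onion hostnames through `classify` flags any remaining v2 addresses that need migrating and catches mistyped v3 addresses before they are used.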