Release of new stable branch Tor 0.4.1

The release of the Tor 0.4.1.5 toolkit, used to organize the operation of the anonymous Tor network, has been announced. Tor 0.4.1.5 is recognized as the first stable release of the 0.4.1 branch, which has been in development for the past four months. The 0.4.1 branch will be maintained as part of the regular maintenance cycle: updates will be discontinued after 9 months or 3 months after the release of the 0.4.2.x branch. Long-term support (LTS) is provided for the 0.3.5 branch, which will receive updates until February 1, 2022.

Main innovations:

  • Experimental support for circuit-level padding has been implemented to strengthen protection against methods for detecting Tor traffic. The client now adds padding cells at the beginning of INTRODUCE and RENDEZVOUS circuits, making the traffic on those circuits look more like regular outbound traffic. The price of the increased protection is two additional cells in each direction for RENDEZVOUS circuits, as well as one upstream and 10 downstream cells for INTRODUCE circuits. The method is activated when the MiddleNodes option is specified in the settings and can be disabled through the CircuitPadding option;

  • Added support for authenticated SENDME cells to protect against DoS attacks based on creating parasitic load, where a client requests the download of large files and suspends read operations after sending the requests, but continues to send SENDME control commands instructing input nodes to keep transmitting data. Each SENDME cell now includes a hash of the traffic it acknowledges, and an end node, on receiving a SENDME cell, can verify that the other side has already received the traffic sent when processing past cells;

  • An implementation of a generalized subsystem for passing messages in publish-subscribe mode is included, which can be used to organize interaction between modules;
  • Control commands are now parsed by a generalized parsing subsystem instead of separate parsing of the input data of each command;
  • Performance optimizations have been made to reduce the load on the CPU. Tor now uses a separate fast pseudo-random number generator (PRNG) for each thread, which is based on the AES-CTR cipher mode and on buffering constructions like those in libottery and the new arc4random() code from OpenBSD. For small outputs, the proposed generator is almost 100 times faster than the CSPRNG from OpenSSL 1.1.1. Although the Tor developers rate the new PRNG as cryptographically secure, it is so far used only in places that require high performance, such as the code that schedules the attachment of padding;
  • Added "--list-modules" option to list enabled modules;
  • For the third version of the hidden services protocol, the HSFETCH command is implemented, which was previously supported only in the second version;
  • Fixed bugs in the Tor startup (bootstrap) code and in the implementation of the third version of the hidden services protocol.
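
The authenticated SENDME check described in the list above, as a simplified model added here (not Tor's code or wire format): the sender records a digest of the traffic at each window boundary and grants more sending credit only for a SENDME carrying that digest. The 100-cell window, the SHA-256 digest and all class and function names are assumptions of this example.

```python
import hashlib
import hmac

WINDOW = 100  # assumed for this model: cells acknowledged by one SENDME

class Sender:
    # End node: extends its send window only for a SENDME it can verify.
    def __init__(self):
        self.running = hashlib.sha256()  # running digest over every cell sent
        self.sent = 0
        self.credit = WINDOW             # cells that may still be sent
        self.expected = []               # digests awaiting a SENDME, oldest first

    def send_cell(self, payload):
        if self.credit == 0:
            return False                 # window exhausted: wait for a valid SENDME
        self.running.update(payload)
        self.sent += 1
        self.credit -= 1
        if self.sent % WINDOW == 0:      # remember the digest at each window boundary
            self.expected.append(self.running.copy().digest())
        return True

    def on_sendme(self, digest):
        # Valid only if it carries the digest of the oldest unacknowledged window.
        if not self.expected or not hmac.compare_digest(digest, self.expected[0]):
            return False
        self.expected.pop(0)
        self.credit += WINDOW
        return True

class Receiver:
    # Client: can produce the digest only from cells it has actually read.
    def __init__(self):
        self.running = hashlib.sha256()

    def read_cell(self, payload):
        self.running.update(payload)

    def sendme(self):
        return self.running.copy().digest()

def demo():
    sender, client = Sender(), Receiver()
    for i in range(WINDOW):              # constructed sample payloads
        cell = b"cell-%d" % i
        sender.send_cell(cell)
        client.read_cell(cell)
    forged = sender.on_sendme(b"\x00" * 32)   # SENDME from a side that read nothing
    blocked = not sender.send_cell(b"more")   # no credit was granted
    accepted = sender.on_sendme(client.sendme())
    replayed = sender.on_sendme(client.sendme())
    return forged, blocked, accepted, replayed, sender.credit
```

A side that has not read the cells cannot compute the digest, so its SENDME is rejected and the sender stops at the window limit instead of continuing to transmit.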

Source: opennet.ru
