[tor-dev] A series of questions about Tor (m1 support, forward secrecy, v3 auth)

Holmes Wilson h at zbay.llc
Fri Jul 23 21:46:47 UTC 2021

Hi everyone,

A few disjointed questions that have come up recently in our work with Tor:


We just got a report from a user that the tor binary for Mac was using much more CPU on Apple Silicon / M1 than it used on Intel. Has anyone scene anything like this? Is there an arm64 build of tor binary for Mac, existing or in the works? 

(Related: do Tor developers have a few M1 Macs to test on? We could probably donate one if not!) 


Is there a good source for documentation on how forward secrecy works in Tor, and on what security guarantees it provides? Googling finds things like this reddit post (https://www.reddit.com/r/TOR/comments/cryrjx/does_tor_use_pfs/) but I can’t find any detailed information about it, what threat models it fits, etc. 

One specific question is, if two users are communicating by sending messages over a connection to an onion service (like ricochet) and an attacker surveils their internet traffic and compromises their devices at a later date, will the attacker be able to recover the clear text of their conversation? When are keys for a given connection destroyed? Does it happen continuously throughout the course of a Tor connection? Or on the creation of a new circuit? Or what?


Does v3 onion authentication protect against DOS attacks? That is, can someone who is not authorized to connect to an onion address with authentication enabled still cause problems for that onion address? Can they connect to it at all, in the sense of being able to send data to the tor client at that onion address? Or does the Tor network itself prevent this connection from even happening? 

A related question is, if we’re looking to deny connections to an onion address to any unauthorized users, and we’re considering turning off onion authentication and implementing some standard authentication scheme that seems fairly well-supported at the web server layer, is there any security-related reason why we would be better off using Tor’s own authentication instead? Using our own authentication scheme will be a bit easier to control, rather than having to send commands to Tor (and possibly restart it for removing users?) but I’m wondering if there are security properties we lose by doing that. 


Also, apologies if any of these questions aren’t clear or well-formed! 


More information about the tor-dev mailing list