tech

tl;dr – v3 = stronger crypto. harder to generate look-a-like urls to stop phishing. no one will ever find or sniff/snoop out your v3 address unless you tell them or post it somewhere.

They will always be 16 characters long. Each character has 32 possible values. Therefore, there are 32¹⁶ == 1,208,925,819,614,629,174,706,176 unique v2 onion addresses.

Example = facebookcorewwwi.onion

• the address is “the first 80 bits of the SHA-1 of the 1024-bit RSA key”

They will always be 56 characters long. A v3 address will always end in a d due to the way v3 onion service names are encoded.

Example = vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion

Some reasons for the update to move from v2 onions:

• The cryptographic building blocks use updated or more secure signature algorithms and hashing methods. For instance, the older SHA1/DH/RSA1024 was swapped with SHA3/ed25519/curve25519.

• Directory protocol has been improved and now leaks less metadata to directory servers. This is, in part, to avoid attacks where a hidden service can be censored easily based on the descriptor. To prevent predictability Tor uses, different, pseudo random variables. Time period, public keys, shared random values, etc.

• “Better onion address security against impersonation; more extensible introduction/rendezvous protocol; and a cleaner and more modular codebase.”