[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #5262 [Stem]: Implement Safe Cookie in Stem

To: undisclosed-recipients:;
Subject: [tor-bugs] #5262 [Stem]: Implement Safe Cookie in Stem
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Tue, 28 Feb 2012 21:34:48 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 28 Feb 2012 16:35:00 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#5262: Implement Safe Cookie in Stem
-------------------------+--------------------------------------------------
Reporter: atagar | Owner: gsathya
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Stem | Version:
Keywords: | Parent: #5185
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Ticket for tracking the work to implement and test Robert's new Safe
Cookie authentication method in stem.

Robert has written a [https://gitweb.torproject.org/rransom/tor-
utils.git/shortlog/refs/heads/safecookie-python python script] to handle
the authentication so this task is to...

1. Distill his script to just what we need to perform the authentication.

2. Implement safe cookie in the
[https://gitweb.torproject.org/stem.git/blob/HEAD:/stem/connection.py
connection module]. This involves adding SAFE_COOKIE to the AuthMethod
enum, adding a new 'authenticate_safe_cookie' function, and adding this to
the 'authenticate' method.

3. Write
[https://gitweb.torproject.org/stem.git/blob/HEAD:/test/unit/connection/authentication.py
integration tests] similar to the current auth cookie tests.

The safe cookie authentication method has not been merged into tor and,
until it is, we'll be keeping this feature in a separate branch.

Part of the safe cookie proposal was the deprecation and removal of the
previous authentication cookie method. Stem should include this
deprecation notice in its pydocs and we should add the upcoming
deprecation to the
[https://trac.torproject.org/projects/tor/wiki/doc/stem#TorWorkaroundDeprecations
tor workaround deprecation] section so we remember to remove
authentication support later (otherwise the vulnerability Robert is trying
to fix will still exist).

At the moment gsathya has offered to help by taking the first pass at this
- good luck!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5262>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #5231 [Tor Client]: Sometimes Tor makes very long (=many hops) circuits
Next by Author: Re: [tor-bugs] #3962 [Tor Check]: Add duckduckgo searchbox to check.tp.o?
Previous by thread: Re: [tor-bugs] #5261 [Tor bundles/installation]: TBB for Linux tries to talk to an X session manager
Next by thread: Re: [tor-bugs] #3962 [Tor Check]: Add duckduckgo searchbox to check.tp.o?
Index(es):
- Author
- Thread