
[tor-commits] [tor/maint-0.2.2] Safe cookie authentication gets a changes file



commit 9740f067c4bed47beb63483be4f4636167a04019
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Mon Mar 26 14:06:27 2012 -0400

    Safe cookie authentication gets a changes file
---
 changes/safecookie |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/changes/safecookie b/changes/safecookie
new file mode 100644
index 0000000..fd7d7af
--- /dev/null
+++ b/changes/safecookie
@@ -0,0 +1,9 @@
+  o Security Features:
+    - Provide controllers with a safer way to implement the cookie
+      authentication mechanism. With the old method, if another locally
+      running program could convince a controller that it was the Tor
+      process, then that program could trick the contoller into
+      telling it the contents of an arbitrary 32-byte file. The new
+      "SAFECOOKIE" authentication method uses a challenge-response
+      approach to prevent this. Fixes bug 5185, implements proposal 193. 
+
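Review bot: "contoller" in the fifth added line of changes/safecookie is a typo for "controller" and will end up in the release notes if it is not fixed here. The last text line also has a trailing space after "proposal 193.", and the file ends with an empty added line; both can be dropped. On content, the entry says Tor now provides a safer method but does not say whether controllers must switch to "SAFECOOKIE" to get the protection. Adding a short clause that tells controller authors what they need to do would make it clearer.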

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits