[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #7098 [Tor]: Add safe-cookie authentication to Extended ORPort and TransportControlPort

#7098: Add safe-cookie authentication to Extended ORPort and TransportControlPort
------------------------+---------------------------------------------------
 Reporter:  asn         |          Owner:                    
     Type:  defect      |         Status:  new               
 Priority:  normal      |      Milestone:  Tor: 0.2.4.x-final
Component:  Tor         |        Version:                    
 Keywords:  tor-bridge  |         Parent:  #4773             
   Points:              |   Actualpoints:                    
------------------------+---------------------------------------------------

Comment(by rransom):

 The âsafe cookie authenticationâ protocol was limited to using the same
 cookie file format (32 uniform random bytes; no headers) as the old cookie
 authentication protocol, mostly because I didn't want to have to add code
 to write another cookie file to Tor.  The reason for the new protocol was
 that 32-byte files could also be used to store secret key material for
 other systems, and I did not want Tor controllers to disclose the contents
 of such files to an attacker.  Thus, I had two main design goals for the
 safe cookie authentication protocol:

  * Use the cookie data in a manner as unlike any sane cryptographic
 protocol as reasonably possible, so that any protocol which would be
 vulnerable to a âcross-protocol attackâ involving safe cookie
 authentication would be blatantly asking for it.
  * Prove to the client that the server knows the contents of the cookie
 file (or that someone else is using it in a way that is clearly intended
 to conflict with safe cookie authentication) before the client discloses
 any information about the cookie.

 If you can use e.g. a 64-byte file with a 32-byte constant header for your
 protocols, you can use something a little simpler and nicer (perhaps using
 the 32-byte secret from the file as the HMAC key, and putting the
 protocol-identifying and âclient-to-serverâ-versus-âserver-to-clientâ
 static string(s) in the HMAC message).

 But even if you don't want to improve the cryptographic protocol, I
 ''strongly'' recommend that you not use anything that looks like Tor's
 current control-port protocol anywhere else.  Send fixed-length binary
 byte strings around, and skip the hex-encoding and text parsing.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7098#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs