[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/master] Safe cookie authentication gets a changes file

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [tor/master] Safe cookie authentication gets a changes file
From: nickm@xxxxxxxxxxxxxx
Date: Mon, 26 Mar 2012 22:53:38 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 26 Mar 2012 18:53:52 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-commits>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: code repository commits <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Sender: tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx

commit 9740f067c4bed47beb63483be4f4636167a04019
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Mon Mar 26 14:06:27 2012 -0400

    Safe cookie authentication gets a changes file
---
 changes/safecookie |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/changes/safecookie b/changes/safecookie
new file mode 100644
index 0000000..fd7d7af
--- /dev/null
+++ b/changes/safecookie
@@ -0,0 +1,9 @@
+  o Security Features:
+    - Provide controllers with a safer way to implement the cookie
+      authentication mechanism. With the old method, if another locally
+      running program could convince a controller that it was the Tor
+      process, then that program could trick the contoller into
+      telling it the contents of an arbitrary 32-byte file. The new
+      "SAFECOOKIE" authentication method uses a challenge-response
+      approach to prevent this. Fixes bug 5185, implements proposal 193. 
+



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [torspec/master] We will remove COOKIE, but can't promise 0.2.4.1-alpha
Next by Author: [tor-commits] [tor/master] Merge remote-tracking branch 'rransom-tor/safecookie-022-v3' into maint-0.2.2
Previous by thread: [tor-commits] r25572: {website} Openssl 1.0.0 was released a while ago (website/trunk/docs/en)
Next by thread: [tor-commits] [tor/master] Merge remote-tracking branch 'rransom-tor/safecookie-022-v3' into maint-0.2.2
Index(es):
- Author
- Thread