[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposal xxx: Safe cookie authentication



> Unlike other commands besides AUTHENTICATE

AUTHENTICATE and PROTOCOLINFO

> HMAC-SHA256("Tor controller-to-server cookie authenticator", CookieString)

I'm more than a little green with HMAC. Does this mean that the hmac
key is that static string, so it would be implemented like...

import hmac
cookie_file = open("/path/to/cookie")
h = hmac.new("Tor controller-to-server cookie authenticator",
cookie_file.read())

# that second wrapper, where it looks like the above is the key
h = hmac.new(h.hexdigest(), server_challenge_response)

# send to the controller
send_to_controller(h.hexdigest())

Also, is "HMAC-SHA256" some special hmac implementation that I need to
look up? Is it part of the builtin python lib?

Speaking as someone who will need to implement the controller side of
this I'm not really sure what I'm supposed to do with this. Some
points of clarification that are needed:

1. Is CLIENTCHALLENGE just any arbitrary client provided string used
as a salt for the hash?
2. The CLIENTRESPONSE is something that I validate then discard, right?
3. What happens if a user issues a AUTHCHALLENGE, PROTOCOLINFO, then
AUTHENTICATE? What about PROTOCOLINFO, AUTHCHALLENGE, AUTHENTICATE?

Personally I don't see the reason for the last handshake. The
controller is proving that it should have access by providing the
cookie contents. Providing both the cookie contents and
SERVERCHALLENGE proves that we sent and received the AUTHCHALLENGE
which isn't terribly interesting.

If we only included the AUTHCHALLENGE message and response then this
would not require a new authentication method so controllers could opt
into the extra cookie validation. That said, if your intent is to
force controllers to do the SAFECOOKIE handshake then this makes
sense.

Cheers! -Damian
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev