[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Proposal xxx: Safe cookie authentication



> See branch safecookie of
> https://gitweb.torproject.org/rransom/torspec.git for a revised ‘safe
> cookie authentication’ protocol

The spec still doesn't look reader friendly but guess we won't be
expecting too many clients to implement this. One other note is that
keywords like 'must' should be capitalized similar to other parts of
the spec.

> This needs testing
> and a backport, and a few Trac tickets.

We could save some work by writing a handler for this in stem.
Currently when you run...

git clone git://git.torproject.org/stem.git
./stem/run_tests.py --integ --target RUN_ALL --tor /path/to/your/tor

You'll exercise all of the connection and authentication use cases
within around a minute, including...
* no control port or socket
* control port
* control socket
* no auth
* password auth
* cookie auth
* multiple auth methods

This will confirm that you aren't inadvertently breaking something
else. Then if we add the safe cookie handshake and integ test it'll be
easier for you to test this change as it's developed (test runs with a
single target take around eight seconds). I'd be happy to help if you
can get just about any python snippet correctly authenticating to your
feature.

Cheers! -Damian
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev