Re: [tor-dev] Proposal 193: Safe cookie authentication
I've pushed a revised protocol change to branch safecookie of
git.tpo/rransom/torspec.git, and a (messy, needs rebase,
untested) implementation to branch safecookie-023 of
git.tpo/rransom/tor.git.
Now, the client and server nonces are fed to the same HMAC
invocation, so that the client can believe (modulo Merkle-Damgard
and general iterative hash function “features”) that the server
knows the cookie (rather than just HMAC(constant, cookie)).
Almost all controllers must drop almost all support for non-safe
cookie authentication ASAP, because a compromised system-wide Tor
process could drop a symlink to /home/rransom/.ed25519-secret-key in
where it was supposed to put a cookie file.
The sole exception to “non-safe cookie authentication must die” is
when a controller knows that it is connected to a server process with
equal or greater access to the same filesystem it has access to. In
practice, this means “only if you're completely sure that Tor is
running in the same user account as the controller, and you're
completely sure that you're connected to Tor”, and no controller is
sure of either of those.
Robert Ransom
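The exchange described above, written out as an added, self-contained example (this is not the code from the safecookie branch, and not Tor's own implementation). It models the controller-side and server-side computations of SAFECOOKIE in Python, with both nonces fed into a single HMAC-SHA256 on each side, and then replays the symlink scenario from the post against an impostor server that does not know the cookie. The two key strings are assumed to match the ones the final control-spec settled on; the branch this message describes may have used different constants. The `Server` class, the `controller_authenticate` and `legacy_cookie_authenticate` helpers, and the random "secret key" bytes are all constructed for the demonstration.

```python
import hashlib
import hmac
import os

# ASSUMPTION: these are the key strings of the final SAFECOOKIE spec; the
# branch described in the post may have used other constants.
SERVER_KEY = b"Tor safe cookie authentication server-to-controller hash"
CLIENT_KEY = b"Tor safe cookie authentication controller-to-server hash"


def server_hash(cookie: bytes, client_nonce: bytes, server_nonce: bytes) -> bytes:
    """Server's proof: one HMAC over cookie || ClientNonce || ServerNonce.
    Because the client's nonce is inside the MAC, the value cannot be replayed
    by a party that only saw an earlier HMAC(constant, cookie)."""
    return hmac.new(SERVER_KEY, cookie + client_nonce + server_nonce, hashlib.sha256).digest()


def client_hash(cookie: bytes, client_nonce: bytes, server_nonce: bytes) -> bytes:
    """Controller's proof, keyed with a different constant so the two sides'
    values are never interchangeable."""
    return hmac.new(CLIENT_KEY, cookie + client_nonce + server_nonce, hashlib.sha256).digest()


class Server:
    """Constructed stand-in for the Tor control port.  `cookie` is whatever
    this process wrote to its cookie file; an impostor does not know the
    bytes the controller actually read."""

    def __init__(self, cookie: bytes):
        self.cookie = cookie
        self.client_nonce = None
        self.server_nonce = None
        self.received = []  # every byte string the controller sent on the wire

    def authchallenge(self, client_nonce: bytes):
        self.received.append(client_nonce)
        self.client_nonce = client_nonce
        self.server_nonce = os.urandom(32)
        return server_hash(self.cookie, client_nonce, self.server_nonce), self.server_nonce

    def authenticate(self, proof: bytes) -> bool:
        self.received.append(proof)
        expected = client_hash(self.cookie, self.client_nonce, self.server_nonce)
        return hmac.compare_digest(expected, proof)


def controller_authenticate(cookie_file_contents: bytes, server: Server):
    """Controller side of SAFECOOKIE.  Returns (authenticated, aborted):
    the controller verifies the server's HMAC first and sends nothing
    derived from the file if that check fails."""
    client_nonce = os.urandom(32)
    srv_proof, server_nonce = server.authchallenge(client_nonce)
    expected = server_hash(cookie_file_contents, client_nonce, server_nonce)
    if not hmac.compare_digest(srv_proof, expected):
        return False, True  # server does not know the cookie: stop here
    ok = server.authenticate(client_hash(cookie_file_contents, client_nonce, server_nonce))
    return ok, False


def legacy_cookie_authenticate(cookie_file_contents: bytes, server: Server) -> bool:
    """Old-style COOKIE auth: the raw file contents go over the socket, so a
    malicious Tor that symlinked the cookie path to a private key now has it."""
    server.received.append(cookie_file_contents)
    return hmac.compare_digest(cookie_file_contents, server.cookie)


def demo() -> dict:
    # Honest case: Tor and the controller read the same 32-byte cookie.
    cookie = os.urandom(32)
    honest_ok, honest_aborted = controller_authenticate(cookie, Server(cookie))

    # Symlink case: the "cookie file" the controller reads is really the
    # user's secret key (constructed random bytes stand in for the key), and
    # the process on the control port is an impostor that wrote a different cookie.
    secret_key = os.urandom(32)
    impostor = Server(os.urandom(32))
    legacy_cookie_authenticate(secret_key, impostor)
    legacy_leaks = secret_key in impostor.received

    impostor = Server(os.urandom(32))
    safe_ok, safe_aborted = controller_authenticate(secret_key, impostor)
    safe_leaks = secret_key in impostor.received

    return {
        "honest_ok": honest_ok, "honest_aborted": honest_aborted,
        "legacy_leaks_file": legacy_leaks,
        "safe_ok": safe_ok, "safe_aborted": safe_aborted, "safe_leaks_file": safe_leaks,
    }


if __name__ == "__main__":
    print(demo())
```

Note that even in the safe protocol the controller still reads the file; what changes is that only nonces and HMAC digests cross the socket, so the impostor never obtains the file contents and, because the server's proof fails, the controller never even sends its own digest.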