[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] About the key derivation algorithm used in the Control Port password authentication

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-dev] About the key derivation algorithm used in the Control Port password authentication
From: techmetx11 via tor-dev <tor-dev@xxxxxxxxxxxxxxxxxxxx>
Date: Sat, 1 Mar 2025 16:33:24 +0000
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
Reply-to: techmetx11 <techmetx11@xxxxxxxxxxx>

Although several parts of Tor have been redesigned and upgraded over
many years, the algorithm for the HashedControlPassword still remained
the same.

It still uses SHA-1 as the basis of the OpenPGP S2K algorithm, despite
the fact that the algorithm has long-since been obsolete by newer and
better hashing algorithms (on top of it, has had some practical
collision attacks[1]).

This is made worse by the fact that the S2K algorithm is not iterative
(in the sense of recursive hashing), but rather repeats the
salt+password many times in the hash digest until it reaches a certain
amount of bytes. Theoretically, an attacker can expose this to
autheticate into a Tor Control Port without having to know the password.

Are there any plans to revamp the algorithm for newer Tor versions?

[1]: https://shattered.io/
_______________________________________________
tor-dev mailing list -- tor-dev@xxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to tor-dev-leave@xxxxxxxxxxxxxxxxxxxx

Follow-Ups:
- [tor-dev] Re: About the key derivation algorithm used in the Control Port password authentication
  - From: Alexander Hansen Færøy via tor-dev

Prev by Author: [tor-dev] Proposal 356: Increasing netdoc strictness not considered (very) harmful
Next by Author: [tor-dev] Re: About the key derivation algorithm used in the Control Port password authentication
Next by thread: [tor-dev] Re: About the key derivation algorithm used in the Control Port password authentication
Index(es):
- Author
- Thread