[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #5262 [Stem]: Implement Safe Cookie in Stem
#5262: Implement Safe Cookie in Stem
-------------------------+--------------------------------------------------
Reporter: atagar | Owner: gsathya
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Stem | Version:
Keywords: | Parent: #5185
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Ticket for tracking the work to implement and test Robert's new Safe
Cookie authentication method in stem.
Robert has written a [https://gitweb.torproject.org/rransom/tor-
utils.git/shortlog/refs/heads/safecookie-python python script] to handle
the authentication so this task is to...
1. Distill his script to just what we need to perform the authentication.
2. Implement safe cookie in the
[https://gitweb.torproject.org/stem.git/blob/HEAD:/stem/connection.py
connection module]. This involves adding SAFE_COOKIE to the AuthMethod
enum, adding a new 'authenticate_safe_cookie' function, and adding this to
the 'authenticate' method.
3. Write
[https://gitweb.torproject.org/stem.git/blob/HEAD:/test/unit/connection/authentication.py
integration tests] similar to the current auth cookie tests.
The safe cookie authentication method has not been merged into tor and,
until it is, we'll be keeping this feature in a separate branch.
Part of the safe cookie proposal was the deprecation and removal of the
previous authentication cookie method. Stem should include this
deprecation notice in its pydocs and we should add the upcoming
deprecation to the
[https://trac.torproject.org/projects/tor/wiki/doc/stem#TorWorkaroundDeprecations
tor workaround deprecation] section so we remember to remove
authentication support later (otherwise the vulnerability Robert is trying
to fix will still exist).
At the moment gsathya has offered to help by taking the first pass at this
- good luck!
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5262>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs