[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] My implementation of hash for controller password - torhash

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-dev] My implementation of hash for controller password - torhash
From: "Damon (TheDcoder)" <TheDcoder@xxxxxxxxxxx>
Date: Fri, 3 May 2019 13:15:19 +0530
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 03 May 2019 03:45:39 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1556869522; bh=JsQHkpr86dTV8lChhHdHmbzWYwYBhJ8VHG51I3Cy8Lk=; h=From:Subject:To:Date; b=ftxh9Zf1WgXecTIITPJ/xwPasBYSf11mwNXP+O7fc04MGOKgvXQIJXxgBO+6KYU4M 9oYIkP7M4CZshegPzHwbuzlsr1mvr70jH+mGndWYNjTEkUS6Z6cCI9WYez0IWA/96z 85i9yFPm9YHYNUnuzo5L8mCzKXu/x21Nu8RBJRRbaEQ0NbjSzd/kn2puKOwD9527KB ZzxLTaIBNGowq1FJMluFFSYR+O3ek/mxeYfZ5UoureCC1Vv5Fq6AqpmProXkBL/dYl wu/k1xqKTb8PZqW9YaaXx5jgfdYJb6cS8KNPGf3WRPwwJYei25RIdKXeP07tLcQ/lw BDh41Vz7GGtmA==
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1

Hello everyone!

I have written a very simple tool called torhash to generate hashed passwords/strings according to the instructions in control spec to authenticate with the controller interface (TC?). I did not actually study the S2K algorithm since I found it hard to understand RFC 2440, I studied source code and bit by bit I figured out what was happening behind the scenes!

The reason I did this is that I am working on another program called ProxAllium which acts as a graphical user interface for Tor, I am currently in the process of rewriting it in C to make it cross-platform (along with a few other reasons...). I hit a roadblock while I was implementing support for interacting with the controller interface, I had to make a choice between calling Tor to generate the hashed password or to hash the password in the program itself. I felt like hashing the password in the program itself was the right choice, I had a few other weak reasons to not call Tor for hashing the password but my gut was the main motivator behind this choice.

I created torhash (apologies about the bad name choice) as a proof-of-concept and to improve my general programming skills, I had no prior experience working with cryptography or hash functions on this level, so I went with the simplest library I could find for hashing the data. I could have gone with OpenSSL, as I believe that it is the de-facto cross-platform standard for cryptography and cryptographic hashing, I am currently looking into using it, but I am not yet sure if this is a good idea.

I would be grateful if some of you can take out some time to have a look, I am very excited to hear your opinions and any advice that you may have to help me improve, the code itself is very simple and short (114 lines of code). Pardon any mistakes or bad code that I may have written, I have only begun programming relatively recently and my experience with low-level development (with C) is very recent.

Thank you for reading and for the input in advance!

Best Regards,

Damon H. (TheDcoder)

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] My implementation of hash for controller password - torhash
  - From: Damon H. (TheDcoder)

Prev by Author: Re: [tor-dev] Fuck You Van Gegel
Next by Author: Re: [tor-dev] My implementation of hash for controller password - torhash
Previous by thread: [tor-dev] [GSoD] Project 4: Help us write architecture documentation for Tor
Next by thread: Re: [tor-dev] My implementation of hash for controller password - torhash
Index(es):
- Author
- Thread