commit 9740f067c4bed47beb63483be4f4636167a04019
Author: Nick Mathewson nickm@torproject.org
Date: Mon Mar 26 14:06:27 2012 -0400

    Safe cookie authentication gets a changes file

---
 changes/safecookie | 9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)
diff --git a/changes/safecookie b/changes/safecookie new file mode 100644 index 0000000..fd7d7af --- /dev/null +++ b/changes/safecookie @@ -0,0 +1,9 @@ + o Security Features: + - Provide controllers with a safer way to implement the cookie + authentication mechanism. With the old method, if another locally + running program could convince a controller that it was the Tor + process, then that program could trick the contoller into + telling it the contents of an arbitrary 32-byte file. The new + "SAFECOOKIE" authentication method uses a challenge-response + approach to prevent this. Fixes bug 5185, implements proposal 193. +
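Review bot: "contoller" in the fifth added line of changes/safecookie ("could trick the contoller into") is a typo for "controller" and should be fixed before the entry is merged into the ChangeLog. The entry also contrasts "the old method" with SAFECOOKIE without saying whether the old cookie method stays available; one clause stating that would tell controller authors whether they must switch or may opt in.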
tor-commits@lists.torproject.org