commit 043051b79f929b39d77eb1520b4fc65a721e85ae Author: Mike Perry mikeperry-git@fscked.org Date: Wed Aug 10 09:58:42 2011 -0700

Clarify control port authentication.

Encoded hex strings are useful, but the previous revision conflated them with how the tor implementations stores them on disk. --- control-spec.txt | 10 +++++++--- 1 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/control-spec.txt b/control-spec.txt index 160adf4..4aba1fa 100644 --- a/control-spec.txt +++ b/control-spec.txt @@ -293,14 +293,18 @@ 3.5. AUTHENTICATE

Sent from the client to the server. The syntax is: - "AUTHENTICATE" [ SP 1*HEXDIG / QuotedString ] CRLF + "AUTHENTICATE" [ SP N*HEXDIG / QuotedString ] CRLF

The server responds with "250 OK" on success or "515 Bad authentication" if the authentication cookie is incorrect. Tor closes the connection on an authentication failure.

- The format of the 'cookie' is implementation-dependent; see 5.1 below for - information on how the standard Tor implementation handles it. + The authentication token can be specified as either a quoted ASCII string, + or as an unquoted hexadecimal encoding of that same string (to avoid escaping + issues). + + For information on how the implementation securely stores authentication + information on disk, see section 5.1.

Before the client has authenticated, no command other than PROTOCOLINFO, AUTHENTICATE, or QUIT is valid. If the controller sends any other command,