Although several parts of Tor have been redesigned and upgraded over many years, the algorithm for the HashedControlPassword still remained the same.
It still uses SHA-1 as the basis of the OpenPGP S2K algorithm, despite the fact that the algorithm has long-since been obsolete by newer and better hashing algorithms (on top of it, has had some practical collision attacks[1]).
This is made worse by the fact that the S2K algorithm is not iterative (in the sense of recursive hashing), but rather repeats the salt+password many times in the hash digest until it reaches a certain amount of bytes. Theoretically, an attacker can expose this to autheticate into a Tor Control Port without having to know the password.
Are there any plans to revamp the algorithm for newer Tor versions?
On 01/03/2025 17.33, techmetx11 via tor-dev wrote:
Are there any plans to revamp the algorithm for newer Tor versions?
I don't think so. All the focus right now is on getting Arti into a state where it can replace all of Tor's current usage. Arti has just gotten an RPC layer that we hope to get feedback on from integrators.
C Tor is in a development mode right now where we mostly fix things that are needed for the Tor Network (relays, and tooling around relays), and features/removal of features that makes it easier to implement our protocols for Arti.
As the ControlPort is generally only used on local machines, I doubt this is something that we will want to fix.
Cheers, Alex
-
Alexander Hansen Færøy -
techmetx11