On 15 Oct 2017, at 07:26, Geoff Down geoffdown@fastmail.net wrote:
On Sun, Oct 15, 2017, at 01:51 AM, teor wrote:
On 14 Oct 2017, at 20:33, Geoff Down geoffdown@fastmail.net wrote:
Hello all, what sort of crazy bug would make Tor give different hashes for the same password?
$ tor --hash-password hello
16:735E6FA5355D4146606AFE25B61B411DF419878C99705164D038FC99BC
$ tor --hash-password hello
16:8201E7D35BB8CACB60BF8947B49A3480BA1A17E77EDA8BE45790746884
$ tor --version
Tor version 0.3.1.7 (git-6babd3d9ba9318b3).
This is normal behaviour for salted hashes.
But which one then goes in the torrc?
Either. If one doesn't work, that's a bug (or there's an extra space in the password).
And how then can the password sent to the control port be matched if its hash changes?
HashedControlPassword contains algorithm,salt,hash(algorithm,salt,password)
The password is hashed with the salt using an algorithm, and the hash is matched against hash(algorithm,salt,password).
Surely a salted hash has to use the same salt every time?
No, it's precisely the opposite: a salted hash provides protection *because* it uses a different salt every time. This protects against rainbow tables, which contain hashes of common password strings (or in some cases, all sufficiently short strings).
Some background that may be helpful:
https://en.m.wikipedia.org/wiki/Salt_(cryptography)
T
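Added example, not part of the original thread and not Tor's own code: a Python sketch of why two different `--hash-password` outputs for the same password both verify, since the salt travels inside the stored value. It assumes the `16:` value is 8 bytes of salt, one iteration-count byte and a SHA-1 digest computed with RFC 2440 iterated-and-salted S2K; the function names are hypothetical.

```python
import hashlib
import hmac
import os

# The two values quoted in the thread above (both for the password "hello").
PAGE_HASHES = [
    "16:735E6FA5355D4146606AFE25B61B411DF419878C99705164D038FC99BC",
    "16:8201E7D35BB8CACB60BF8947B49A3480BA1A17E77EDA8BE45790746884",
]

def parse(hashed):
    """Split '16:<hex>' into (salt, count_byte, digest)."""
    prefix, _, hexpart = hashed.strip().partition(":")
    raw = bytes.fromhex(hexpart)
    if prefix != "16" or len(raw) != 29:  # 8 salt + 1 count + 20 SHA-1
        raise ValueError("not a 16: salted S2K value")
    return raw[:8], raw[8], raw[9:]

def s2k(password, salt, count_byte):
    """SHA-1 over salt+password, repeated until `count` bytes are hashed."""
    count = (16 + (count_byte & 15)) << ((count_byte >> 4) + 6)
    block = salt + password.encode()
    reps, rest = divmod(count, len(block))
    h = hashlib.sha1()
    for _ in range(reps):
        h.update(block)
    h.update(block[:rest])
    return h.digest()

def hash_password(password, salt=None, count_byte=0x60):
    """Build a value in the assumed format; a fresh random salt by default."""
    salt = salt if salt is not None else os.urandom(8)
    raw = salt + bytes([count_byte]) + s2k(password, salt, count_byte)
    return "16:" + raw.hex().upper()

def verify(password, hashed):
    """Re-hash the candidate with the *stored* salt and compare digests."""
    salt, count_byte, digest = parse(hashed)
    return hmac.compare_digest(s2k(password, salt, count_byte), digest)

if __name__ == "__main__":
    for value in PAGE_HASHES:
        salt, count_byte, _ = parse(value)
        print("salt", salt.hex(), "count byte", hex(count_byte))
    a, b = hash_password("hello"), hash_password("hello")
    print(a != b, verify("hello", a), verify("hello", b), verify("hello ", a))
```
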