On 15 Oct 2017, at 07:26, Geoff Down <geoffdown@fastmail.net> wrote:

On Sun, Oct 15, 2017, at 01:51 AM, teor wrote:

On 14 Oct 2017, at 20:33, Geoff Down <geoffdown@fastmail.net> wrote:

Hello all,
what sort of crazy bug would make Tor give different hashes for the same
password?

$ tor --hash-password hello
16:735E6FA5355D4146606AFE25B61B411DF419878C99705164D038FC99BC
$ tor --hash-password hello
16:8201E7D35BB8CACB60BF8947B49A3480BA1A17E77EDA8BE45790746884
$ tor --version
Tor version 0.3.1.7 (git-6babd3d9ba9318b3).

This is normal behaviour for salted hashes.

But which one then goes in the torrc?

Either.
If one doesn't work, that's a bug (or there's an extra space in the password).

And how then can the password sent to the control port be matched if its
hash changes?

HashedControlPassword contains algorithm,salt,hash(algorithm,salt,password)

The password is hashed with the salt using an algorithm, and the hash is
matched against hash(algorithm,salt,password).

Surely a salted hash has to use the same salt every time?

No, it's precisely the opposite: a salted hash provides protection
*because* it uses a different salt every time. This protects against
rainbow tables, which contain hashes of common password strings
(or in some cases, all sufficiently short strings).

Some background that may be helpful:

https://en.m.wikipedia.org/wiki/Salt_(cryptography)

T
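To make the thread's answer concrete, here is an added example (not code from the thread or from the Tor project) that reimplements the `16:` HashedControlPassword format in Python: an 8-byte random salt, a one-byte iteration indicator (0x60, i.e. hash 64 KiB of repeated salt||password), and a 20-byte SHA-1 digest, following Tor's RFC 2440 iterated-and-salted S2K. The two values quoted above are used as input to show that both verify against the same password `hello` even though their salts differ; the function names are this example's own.

```python
import hashlib
import hmac
import os

EXPBIAS = 6        # exponent bias from RFC 2440 section 3.6.1.3
INDICATOR = 0x60   # tor --hash-password uses this: (16 + 0) << (6 + 6) = 65536 bytes

# The two hashes quoted in the thread, both produced from the password "hello".
PAGE_HASH_1 = "16:735E6FA5355D4146606AFE25B61B411DF419878C99705164D038FC99BC"
PAGE_HASH_2 = "16:8201E7D35BB8CACB60BF8947B49A3480BA1A17E77EDA8BE45790746884"


def s2k_rfc2440(password: bytes, salt: bytes, indicator: int = INDICATOR) -> bytes:
    """Iterated-and-salted S2K: SHA-1 over `count` bytes of repeated salt||password."""
    if len(salt) != 8:
        raise ValueError("salt must be exactly 8 bytes")
    count = (16 + (indicator & 15)) << ((indicator >> 4) + EXPBIAS)
    block = salt + password
    digest = hashlib.sha1()
    while count:
        if count >= len(block):
            digest.update(block)
            count -= len(block)
        else:
            digest.update(block[:count])  # final partial block
            count = 0
    return digest.digest()


def hash_control_password(password: str, salt: bytes = None) -> str:
    """Build a HashedControlPassword value; a fresh salt means a new value every call."""
    if salt is None:
        salt = os.urandom(8)
    key = s2k_rfc2440(password.encode(), salt)
    return "16:" + (salt + bytes([INDICATOR]) + key).hex().upper()


def parse_hashed(value: str):
    """Split a 16:... value into (salt, indicator, expected digest)."""
    if not value.startswith("16:"):
        raise ValueError("unsupported hash type prefix")
    raw = bytes.fromhex(value[3:])
    if len(raw) != 8 + 1 + 20:
        raise ValueError("malformed HashedControlPassword value")
    return raw[:8], raw[8], raw[9:]


def verify_control_password(value: str, password: str) -> bool:
    """What the control port does: rehash with the stored salt and compare in constant time."""
    salt, indicator, expected = parse_hashed(value)
    return hmac.compare_digest(s2k_rfc2440(password.encode(), salt, indicator), expected)


if __name__ == "__main__":
    for v in (PAGE_HASH_1, PAGE_HASH_2):
        salt, _, _ = parse_hashed(v)
        print(v, "salt =", salt.hex(), "verifies:", verify_control_password(v, "hello"))
    print("fresh value:", hash_control_password("hello"))  # differs on every run
```

The trailing-space case in the test mirrors teor's remark: `hello ` is a different password and does not verify.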