[tor-bugs] #3064 [Vidalia]: Vidalia stores ControlPassword as plaintext
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon May 2 01:19:19 UTC 2011
#3064: Vidalia stores ControlPassword as plaintext
--------------------------+-------------------------------------------------
Reporter: tornewbie | Owner: chiiph
Type: defect | Status: reopened
Priority: normal | Milestone:
Component: Vidalia | Version:
Resolution: | Keywords:
Parent: | Points:
Actualpoints: |
--------------------------+-------------------------------------------------
Comment(by atagar):
Shouldn't we be expecting the user to remember the password if they
manually set it? Saving the password this way means that password auth ==
cookie auth which makes it pointless.
Cookie auth relies on file readability while a manual password should
(imho) prompt the user and never store the password on disk unhashed.
On a side note, using a random password makes the control port unusable to
other controllers. This isn't often an issue, but it does make random
passwords a no-go in some use cases. For instance, when I use TBB I also
attach arm so I edit the MaxCircuitDirtiness attribute and keep a closer
eye on my circuits.
Cheers! -Damian
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3064#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list