[tor-bugs] #5185 [Tor Client]: Implement ‘safe cookie authentication’ in Tor

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon Mar 19 18:16:56 UTC 2012


#5185: Implement ‘safe cookie authentication’ in Tor
--------------------------+-------------------------------------------------
 Reporter:  rransom       |          Owner:                    
     Type:  enhancement   |         Status:  needs_review      
 Priority:  critical      |      Milestone:  Tor: 0.2.2.x-final
Component:  Tor Client    |        Version:                    
 Keywords:  security-fix  |         Parent:                    
   Points:                |   Actualpoints:                    
--------------------------+-------------------------------------------------
Changes (by nickm):

  * status:  needs_revision => needs_review


Comment:

 Okay, looks fine.  On the AUTHCHALLENGE quoting issue, I still disagree,
 but I'll solve my objections by adding a note to the spec that says that
 the challenges need to be generated with a secure PRNG.  I also disagree
 about tor_assert() style, but not enough to change the code right now.

 I think arma is doing a release RSN and would be sad if I merged another
 patch today.  I'll merge this immediately after he does that release, or
 after he tells me that he is not in fact doing a release RSN.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5185#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list