[tor-bugs] #5185 [Tor Client]: Implement ‘safe cookie authentication’ in Tor
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Mar 19 18:16:56 UTC 2012
#5185: Implement ‘safe cookie authentication’ in Tor
--------------------------+-------------------------------------------------
Reporter: rransom | Owner:
Type: enhancement | Status: needs_review
Priority: critical | Milestone: Tor: 0.2.2.x-final
Component: Tor Client | Version:
Keywords: security-fix | Parent:
Points: | Actualpoints:
--------------------------+-------------------------------------------------
Changes (by nickm):
* status: needs_revision => needs_review
Comment:
Okay, looks fine. On the AUTHCHALLENGE quoting issue, I still disagree,
but I'll solve my objections by adding a note to the spec that says that
the challenges need to be generated with a secure PRNG. I also disagree
about tor_assert() style, but not enough to change the code right now.
I think arma is doing a release RSN and would be sad if I merged another
patch today. I'll merge this immediately after he does that release, or
after he tells me that he is not in fact doing a release RSN.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5185#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list