[tor-bugs] #7098 [Tor]: Add safe-cookie authentication to Extended ORPort and TransportControlPort
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Nov 19 22:29:54 UTC 2012
#7098: Add safe-cookie authentication to Extended ORPort and TransportControlPort
------------------------+---------------------------------------------------
Reporter: asn | Owner:
Type: defect | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version:
Keywords: tor-bridge | Parent: #4773
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by asn):
Replying to [comment:16 rransom]:
> Why not `HMAC-SHA256(CookieString, "ExtORPort authentication safe cookie
client-to-server hash" || ClientNonce || ServerNonce)`?
Yes, or that.
I'll use your variant. It does a SHA256() less, and it separates secret
from non-secret correctly.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7098#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list