[tor-bugs] #7098 [Tor]: Add safe-cookie authentication to Extended ORPort and TransportControlPort
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Oct 12 02:14:07 UTC 2012
#7098: Add safe-cookie authentication to Extended ORPort and TransportControlPort
------------------------+---------------------------------------------------
Reporter: asn | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version:
Keywords: tor-bridge | Parent: #4773
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by rransom):
The ‘safe cookie authentication’ protocol was limited to using the same
cookie file format (32 uniform random bytes; no headers) as the old cookie
authentication protocol, mostly because I didn't want to have to add code
to write another cookie file to Tor. The reason for the new protocol was
that 32-byte files could also be used to store secret key material for
other systems, and I did not want Tor controllers to disclose the contents
of such files to an attacker. Thus, I had two main design goals for the
safe cookie authentication protocol:
* Use the cookie data in a manner as unlike any sane cryptographic
protocol as reasonably possible, so that any protocol which would be
vulnerable to a ‘cross-protocol attack’ involving safe cookie
authentication would be blatantly asking for it.
* Prove to the client that the server knows the contents of the cookie
file (or that someone else is using it in a way that is clearly intended
to conflict with safe cookie authentication) before the client discloses
any information about the cookie.
If you can use e.g. a 64-byte file with a 32-byte constant header for your
protocols, you can use something a little simpler and nicer (perhaps using
the 32-byte secret from the file as the HMAC key, and putting the
protocol-identifying and ‘client-to-server’-versus-‘server-to-client’
static string(s) in the HMAC message).
But even if you don't want to improve the cryptographic protocol, I
''strongly'' recommend that you not use anything that looks like Tor's
current control-port protocol anywhere else. Send fixed-length binary
byte strings around, and skip the hex-encoding and text parsing.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7098#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list