[tor-bugs] #14389 [Tor]: Improve TBB UI of hidden service client authorization
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Mar 13 01:09:28 UTC 2015
#14389: Improve TBB UI of hidden service client authorization
------------------------+--------------------------
Reporter: asn | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.???
Component: Tor | Version:
Resolution: | Keywords: tor-hs
Actual Points: | Parent ID:
Points: |
------------------------+--------------------------
Comment (by arthuredelstein):
Replying to [comment:10 asn]:
> 3. Tor asks TBB through the control port for the shared secret of this
onion.
I set up a test hidden site requiring basic authorization, and then
attempted to make various connections with Tor Browser, watching HS_DESC
events in the Control Port. Here are the results:
With the correct onion address but no credentials I saw several of:
`650 HS_DESC FAILED [onion address] NO_AUTH [relay] REASON=BAD_DESC`
with an incorrect onion address (note different final character):
`650 HS_DESC FAILED [wrong onion address] NO_AUTH [relay]
REASON=NOT_FOUND`
and with the correct onion address and setting the proper credentials
using
`setconf HidServAuth="[onion address] [passcode]"`
I got
`650 HS_DESC RECEIVED [onion address] BASIC_AUTH [relay]`
So it seems Tor already lets a controller know that credentials are needed
for an onion site when an attempt to connect without credentials fails. If
`HS_DESC FAILED ... REASON=BAD_DESC` is encountered, we can pop up the
dialog in the browser UI asking the user for credentials, and then attempt
to connect again if they enter some.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14389#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list