[tor-bugs] #20022 [Core Tor/Tor]: Tor should deprecate insecure cookie auth

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Aug 29 21:01:07 UTC 2016


#20022: Tor should deprecate insecure cookie auth
--------------------------+---------------------
 Reporter:  dkg           |          Owner:
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+---------------------

Comment (by atagar):

 No strong opinion here from me, but for what it's worth SecureCookie auth
 is a bit trickier for controllers to implement...

 https://gitweb.torproject.org/stem.git/tree/stem/connection.py#n743
 https://gitweb.torproject.org/stem.git/tree/stem/connection.py#n833

 By dropping normal cookie authentication we may encourage some folks to
 use either password auth (or if they find that annoying, drop
 authentication altogether).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20022#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list