[tor-bugs] #18330 [Tor Launcher]: Tor Launcher only accepts HEXDIGIT passwords for controller
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Mar 21 21:20:27 UTC 2016
#18330: Tor Launcher only accepts HEXDIGIT passwords for controller
--------------------------+-----------------------
Reporter: gk | Owner: brade
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Tor Launcher | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+-----------------------
Changes (by mcs):
* cc: mcs (added)
Comment:
Kathy and I spent a little time looking at this issue. We should add
support to Tor Launcher for passwords that are not hex-encoded, and gk is
correct that the code in _hashPassword() within tl-protocol.js is part of
the problem. But we need to agree on a spec. for TOR_CONTROL_PASSWD
because Tor Launcher needs an unambiguous way to determine which kind of
encoding is used.
Kathy and I propose that Tor Launcher will treat double-quoted strings as
plain, UTF-8 (unencoded) passwords; otherwise, Tor Launcher will assume
the password is hex-encoded (and complain if anything other than hex
digits are used in that case).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18330#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list