[tor-bugs] #28675 [Core Tor/Tor]: Tor needs torrc option to disable standard cookie authentication

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Dec 1 10:15:07 UTC 2018


#28675: Tor needs torrc option to disable standard cookie authentication
-------------------------+------------------------------
 Reporter:  wagon        |          Owner:  arma
     Type:  enhancement  |         Status:  assigned
 Priority:  Medium       |      Component:  Core Tor/Tor
  Version:               |       Severity:  Normal
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
 Reviewer:               |        Sponsor:
-------------------------+------------------------------
 According to Tor ​[[https://gitweb.torproject.org/torspec.git/tree
 /control-spec.txt|specs]], cookie authentication is deprecated:


 > the COOKIE authentication method has been deprecated and will be removed
 from a future version of Tor.


 Now standard applications such as tor-browser and stem/Nyx use safecookie
 mechanism. If somebody needs to authenticate with safecookie at
 commandline, it can be done
 [[https://trac.torproject.org/projects/tor/ticket/28295#comment:7|too]].

 As intermediate step before complete removal of standard cookie
 authentication I suggest to add a `torrc` option which disables it by
 default (e.g. `DisableStandardCookieAuthentication 1`). If some old
 application still needs it, this option can be changed to 0.

 It was discussed
 [[https://trac.torproject.org/projects/tor/ticket/28295#comment:7|here]]
 in relation to Nyx.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28675>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list