[tor-bugs] #28295 [Core Tor/Nyx]: Non-interactive way to supply ControlPort password for nyx and tor-prompt is needed
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Nov 5 17:42:30 UTC 2018
#28295: Non-interactive way to supply ControlPort password for nyx and tor-prompt
is needed
--------------------------+------------------------------
Reporter: wagon | Owner: atagar
Type: enhancement | Status: assigned
Priority: Medium | Milestone:
Component: Core Tor/Nyx | Version: Tor: 0.3.4.8
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+------------------------------
Comment (by atagar):
> I would say the opposite: cookie authentication is a poor man's password
authentication.
Your two points are true for ControlSockets, but a ControlPort with cookie
authentication shouldn't differ from password authentication in this
respect. In either case nyx is 'providing the contents of a file to tor's
control port'. The only difference is that with
[https://stem.torproject.org/faq.html#i-m-using-password-authentication
password authetnication] its your raw password, with
[https://stem.torproject.org/faq.html#i-m-using-cookie-authentication
cookie auth] it's an autogenerated hash in a file with especially
restricted permissions, and with SafeCookie it's a more complicated
handshake that prevents replay attacks and such.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28295#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list