Proposal: New PROTOCOLINFO command for controllers

Roger Dingledine arma at mit.edu
Fri Aug 24 06:00:27 UTC 2007 

On Tue, Aug 14, 2007 at 02:29:41PM -0400, Nick Mathewson wrote:
> >   Here we describe how to help controllers locate the cookie
> >   authentication file when authenticating to Tor, so we can a) require
> >   authentication by default for Tor controllers and b) still keep
> >   things usable.
> 
> Also, this is an extensible, general-purpose mechanism that
> controllers use to learn what kind of authentication is
> needed/protocol is spoken before authenticating.

Matt has pointed out that right now Tor doesn't let you configure both
CookieAuthentication and HashedControlPassword. I can't think of a
reason for this -- it seems to me that if both are configured, then Tor
should allow auth by either approach. Maybe in situations with multiple
controllers, some of them would find reading a cookie file easier,
and some would find remembering a password easier. We should let that
happen; let me know if you see a reason not to. Nick also spoke of
allowing multiple HashedControlPassword lines, and thus supporting
several passwords (any of which will work).

The next observation was that it's a bit hard for Tor to know *how* you're
attempting to authenticate to it. Right now it looks at the argument to
AUTHENTICATE, and if the first character is hex then it thinks you're
trying a password, and if it's a quote then it thinks you're trying a
cookie, and if it's empty it thinks you're trying a null authenticate.

> >   AuthMethod =
> >     "NULL"           / ; No authentication is required
> >     "HASHEDPASSWORD" / ; A controller must supply the original password
> >     "COOKIE"         / ; A controller must supply the contents of a cookie

I suggest the AUTHENTICATE line should also allow you to say
HASHEDPASSWORD=foo or COOKIE="bar" as arguments. This will let us one day
add another type of auth that can't be distinguished just by the encoding
of its argument. I guess for completeness we might accept NULL= as well.
Since the current Tors won't accept the new more explicit approach,
controllers should only use it when the protocolinfo response indicates
a new enough Tor version.

Plausible?

--Roger

More information about the tor-dev mailing list