[tor-dev] Proposal xxx: Safe cookie authentication

Damian Johnson atagar1 at gmail.com
Mon Feb 6 20:59:08 UTC 2012

> See branch safecookie of
> https://gitweb.torproject.org/rransom/torspec.git for a revised ‘safe
> cookie authentication’ protocol

The spec still doesn't look reader friendly but guess we won't be
expecting too many clients to implement this. One other note is that
keywords like 'must' should be capitalized similar to other parts of
the spec.

> This needs testing
> and a backport, and a few Trac tickets.

We could save some work by writing a handler for this in stem.
Currently when you run...

git clone git://git.torproject.org/stem.git
./stem/run_tests.py --integ --target RUN_ALL --tor /path/to/your/tor

You'll exercise all of the connection and authentication use cases
within around a minute, including...
* no control port or socket
* control port
* control socket
* no auth
* password auth
* cookie auth
* multiple auth methods

This will confirm that you aren't inadvertently breaking something
else. Then if we add the safe cookie handshake and integ test it'll be
easier for you to test this change as it's developed (test runs with a
single target take around eight seconds). I'd be happy to help if you
can get just about any python snippet correctly authenticating to your

Cheers! -Damian

More information about the tor-dev mailing list