[tor-dev] My implementation of hash for controller password - torhash

Damon (TheDcoder) TheDcoder at disroot.org
Fri May 3 07:45:19 UTC 2019

Hello everyone!

I have written a very simple tool called torhash
<https://github.com/TheDcoder/torhash> to generate hashed
passwords/strings according to the instructions in control spec to
authenticate with the controller interface (TC?). I did not actually
study the S2K algorithm since I found it hard to understand RFC 2440, I
studied source code and bit by bit I figured out what was happening
behind the scenes!

The reason I did this is that I am working on another program called
ProxAllium <https://proxallium.dtw.tools/> which acts as a graphical
user interface for Tor, I am currently in the process of rewriting
<https://github.com/DcodingTheWeb/ProxAllium/tree/next-gen> it in C to
make it cross-platform (along with a few other reasons...). I hit a
roadblock while I was implementing support for interacting with the
controller interface, I had to make a choice between calling Tor to
generate the hashed password or to hash the password in the program
itself. I felt like hashing the password in the program itself was the
right choice, I had a few other weak reasons to not call Tor for hashing
the password but my gut was the main motivator behind this choice.

I created torhash (apologies about the bad name choice) as a
proof-of-concept and to improve my general programming skills, I had no
prior experience working with cryptography or hash functions on this
level, so I went with the simplest library I could find for hashing the
data. I could have gone with OpenSSL, as I believe that it is the
de-facto cross-platform standard for cryptography and cryptographic
hashing, I am currently looking into using it, but I am not yet sure if
this is a good idea.

I would be grateful if some of you can take out some time to have a
look, I am very excited to hear your opinions and any advice that you
may have to help me improve, the code itself is very simple and short
(114 lines of code). Pardon any mistakes or bad code that I may have
written, I have only begun programming relatively recently and my
experience with low-level development (with C) is very recent.

Thank you for reading and for the input in advance!

Best Regards,

Damon H. (TheDcoder)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20190503/c3e8ff48/attachment.html>

More information about the tor-dev mailing list