[tor-relays] Hashed password behaviour
teor
teor2345 at gmail.com
Sun Oct 15 11:49:38 UTC 2017
> On 15 Oct 2017, at 07:26, Geoff Down <geoffdown at fastmail.net> wrote:
>
>> On Sun, Oct 15, 2017, at 01:51 AM, teor wrote:
>>
>>> On 14 Oct 2017, at 20:33, Geoff Down <geoffdown at fastmail.net> wrote:
>>>
>>> Hello all,
>>> what sort of crazy bug would make Tor give different hashes for the same
>>> password?
>>>
>>> $ tor --hash-password hello
>>> 16:735E6FA5355D4146606AFE25B61B411DF419878C99705164D038FC99BC
>>> $ tor --hash-password hello
>>> 16:8201E7D35BB8CACB60BF8947B49A3480BA1A17E77EDA8BE45790746884
>>> $ tor --version
>>> Tor version 0.3.1.7 (git-6babd3d9ba9318b3).
>>
>> This is normal behaviour for salted hashes.
>>
> But which one then goes in the torrc?

Either.
If one doesn't work, that's a bug (or there's an extra space in the password).

> And how then can the password sent to the control port be matched if its
> hash changes?

HashedControlPassword contains algorithm,salt,hash(algorithm,salt,password)
The password is hashed with the salt using an algorithm, and the hash is
matched against hash(algorithm,salt,password).

> Surely a salted hash has to use the same salt every time?

No, it's precisely the opposite: a salted hash provides protection
*because* it uses a different salt every time. This protects against
rainbow tables, which contain hashes of common password strings
(or in some cases, all sufficiently short strings).

Some background that may be helpful:
https://en.m.wikipedia.org/wiki/Salt_(cryptography)
T
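
The matching described in the message above, as an added example that is not part of the original post and not Tor's own code: a Python sketch that splits a `16:` value into salt and hash, re-hashes a candidate password with the stored salt, and checks both outputs quoted in the thread. The byte layout (8-byte salt, one iteration-count byte, 20-byte SHA-1 from RFC 2440's iterated-and-salted S2K) is an assumption not stated in the thread, and the function names are hypothetical.

```python
import hashlib
import hmac
import os

EXPBIAS = 6  # exponent bias of RFC 2440's iterated-and-salted S2K

# The two outputs of `tor --hash-password hello` quoted in the thread.
PAGE_HASHES = [
    "16:735E6FA5355D4146606AFE25B61B411DF419878C99705164D038FC99BC",
    "16:8201E7D35BB8CACB60BF8947B49A3480BA1A17E77EDA8BE45790746884",
]

def s2k_sha1(password, salt, indicator):
    """SHA-1 over (salt + password), repeated until `count` bytes are hashed."""
    count = (16 + (indicator & 15)) << ((indicator >> 4) + EXPBIAS)
    block = salt + password
    reps, rem = divmod(count, len(block))
    h = hashlib.sha1()
    for _ in range(reps):
        h.update(block)
    h.update(block[:rem])
    return h.digest()

def parse(hashed):
    """Split '16:<hex>' into (salt, iteration indicator, digest)."""
    prefix, _, hexpart = hashed.partition(":")
    raw = bytes.fromhex(hexpart)
    if prefix != "16" or len(raw) != 29:
        raise ValueError("not a 16: HashedControlPassword value")
    return raw[:8], raw[8], raw[9:]

def hash_password(password, salt=None):
    """Fresh random salt on every call unless one is supplied."""
    salt = os.urandom(8) if salt is None else salt
    indicator = 0x60  # encodes 65536 bytes of hashed input
    digest = s2k_sha1(password.encode(), salt, indicator)
    return "16:" + (salt + bytes([indicator]) + digest).hex().upper()

def verify(hashed, password):
    """Re-hash the candidate with the stored salt, compare in constant time."""
    salt, indicator, digest = parse(hashed)
    return hmac.compare_digest(s2k_sha1(password.encode(), salt, indicator), digest)

if __name__ == "__main__":
    for h in PAGE_HASHES:
        print(parse(h)[0].hex(), verify(h, "hello"), verify(h, "hello "))
    print(hash_password("hello") != hash_password("hello"))
```

The second `verify` call in the loop uses a password with a trailing space, the failure case mentioned in the reply.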