On 2012-02-05, Damian Johnson wrote:
>> Unlike other commands besides AUTHENTICATE
>
> AUTHENTICATE and PROTOCOLINFO
>
>> HMAC-SHA256("Tor controller-to-server cookie authenticator", CookieString)
>
> I'm more than a little green with HMAC. Does this mean that the hmac
> key is that static string,
> Unlike other commands besides AUTHENTICATE
AUTHENTICATE and PROTOCOLINFO
> HMAC-SHA256("Tor controller-to-server cookie authenticator", CookieString)
I'm more than a little green with HMAC. Does this mean that the hmac
key is that static string, so it would be implemented like...
import hmac
See attached, because GMail would wrap lines if I sent it inline.
Robert Ransom
Filename: xxx-safe-cookie-authentication.txt
Title: Safe cookie authentication for Tor controllers
Author: Robert Ransom
Created: 2012-02-04
Status: Open
Overview:
Not long ago, all Tor controllers which automatic
