On 2012-03-16, Sebastian Hahn wrote:
>
> On Feb 10, 2012, at 12:02 AM, Robert Ransom wrote:
>> The sole exception to ‘non-safe cookie authentication must die’ is
>> when a controller knows that it is connected to a server process with
>> equal or greater access to the same filesystem it has access

On Feb 10, 2012, at 12:02 AM, Robert Ransom wrote:
> The sole exception to ‘non-safe cookie authentication must die’ is
> when a controller knows that it is connected to a server process with
> equal or greater access to the same filesystem it has access to. In
> practice, this means ‘only if you

I've pushed a revised protocol change to branch safecookie of
git.tpo/rransom/torspec.git, and a (messy, needs rebase,
untested) implementation to branch safecookie-023 of
git.tpo/rransom/tor.git.

Now, the client and server nonces are fed to the same HMAC
invocation, so that the client can believe