> I don't know whether that would be acceptable to controller authors
> and users.
I'm fine with a couple things...
* adding a tor provided blacklist
* adding a tor provided whitelist *if* Tor itself fails to start when
the torrc has an CookieAuthFile outside of that list and all versions
which a
On 2012-02-07, Nick Mathewson wrote:
> On Sun, Feb 5, 2012 at 7:46 AM, Robert Ransom
> wrote:
>> See attached, because GMail would wrap lines if I sent it inline.
>
> Added as proposal 193.
Remember to push it.
> This seems like a general case of "A and B prove to each other that
> they both kn
On Sun, Feb 5, 2012 at 7:46 AM, Robert Ransom wrote:
> See attached, because GMail would wrap lines if I sent it inline.
Added as proposal 193.
This seems like a general case of "A and B prove to each other that
they both know some secret S without revealing S." Are there existing
protocols for
> See branch safecookie of
> https://gitweb.torproject.org/rransom/torspec.git for a revised ‘safe
> cookie authentication’ protocol
The spec still doesn't look reader friendly but guess we won't be
expecting too many clients to implement this. One other note is that
keywords like 'must' should be
See branch safecookie of
https://gitweb.torproject.org/rransom/torspec.git for a revised ‘safe
cookie authentication’ protocol (in spec-patch form); see branch
safecookie-023 of https://gitweb.torproject.org/rransom/tor.git for a
completely untested implementation on Tor 0.2.3.x. This needs testin
On 2012-02-05, Damian Johnson wrote:
>> Unlike other commands besides AUTHENTICATE
>
> AUTHENTICATE and PROTOCOLINFO
>
>> HMAC-SHA256("Tor controller-to-server cookie authenticator", CookieString)
>
> I'm more than a little green with HMAC. Does this mean that the hmac
> key is that static string,
> Unlike other commands besides AUTHENTICATE
AUTHENTICATE and PROTOCOLINFO
> HMAC-SHA256("Tor controller-to-server cookie authenticator", CookieString)
I'm more than a little green with HMAC. Does this mean that the hmac
key is that static string, so it would be implemented like...
import hmac
See attached, because GMail would wrap lines if I sent it inline.
Robert Ransom
Filename: xxx-safe-cookie-authentication.txt
Title: Safe cookie authentication for Tor controllers
Author: Robert Ransom
Created: 2012-02-04
Status: Open
Overview:
Not long ago, all Tor controllers which automatic
