[tor-bugs] #7098 [Tor]: Add safe-cookie authentication to Extended ORPort and TransportControlPort
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Nov 19 16:21:17 UTC 2012
#7098: Add safe-cookie authentication to Extended ORPort and TransportControlPort
------------------------+---------------------------------------------------
Reporter: asn | Owner:
Type: defect | Status: needs_review
Priority: normal | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version:
Keywords: tor-bridge | Parent: #4773
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by asn):
Hm, I'm considering replacing:
{{{
+ ClientHash is computed as:
HMAC-SHA256("ExtORPort authentication safe cookie client-to-server
hash",
CookieString | ClientNonce | ServerNonce)
}}}
with:
{{{
+ ClientHash is computed as:
HMAC-SHA256(SHA256(CookieString | ClientNonce | ServerNonce),
"ExtORPort authentication safe cookie client-to-server
hash")
}}}
and the same for `ServerHash`. This allows us to use the HMAC construction
correctly (secret used as the HMAC key).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7098#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list