[tor-bugs] #7098 [Tor]: Add safe-cookie authentication to Extended ORPort and TransportControlPort
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Oct 23 13:15:49 UTC 2012
#7098: Add safe-cookie authentication to Extended ORPort and TransportControlPort
------------------------+---------------------------------------------------
Reporter: asn | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version:
Keywords: tor-bridge | Parent: #4773
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by asn):
OK. I guess we have two options then:
----
Protocol A:
A very simple protocol that uses the cookie as a client-to-server
password. The cookie is extracted from a cookie-file with a header, so as
to avoid sending passwords of other systems on the wire.
Note that this protocol does not make sure that the server knows the
password. Do we even care about weird setups were a local attacker binds
on localhost pretending to be a Tor port, and then fires up a controller
to get the cookie?
Protocol B:
A protocol that uses challenge-response and the cookie as a secret, so as
to not reveal the cookie to servers that don't know it already.
We can use Robert's scheme, or look further into zero-knowledge proofs.
Maybe the Socialist Millionaire Protocol can also do the trick.
----
Sounds like Protocol B will be harder to design, prove and implement. Does
our threat model include the attacks that it protects against? If not, we
should probably do Protocol A.
Some further questions:
+ Should it be a text-based or binary-based protocol?
+ Should the protocol be versioned?
+ Should we let the cookie be of arbitrary size? I'm leaning towards 'no'.
32 secret bytes hold enough entropy.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7098#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list