[tor-bugs] #20022 [Core Tor/Tor]: Tor should deprecate insecure cookie auth
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Aug 29 21:01:07 UTC 2016
#20022: Tor should deprecate insecure cookie auth
--------------------------+---------------------
Reporter: dkg | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+---------------------
Comment (by atagar):
No strong opinion here from me, but for what it's worth SecureCookie auth
is a bit trickier for controllers to implement...
https://gitweb.torproject.org/stem.git/tree/stem/connection.py#n743
https://gitweb.torproject.org/stem.git/tree/stem/connection.py#n833
By dropping normal cookie authentication we may encourage some folks to
use either password auth (or if they find that annoying, drop
authentication altogether).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20022#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list