[tor-dev] Proposal xxx: Safe cookie authentication

Damian Johnson atagar1 at gmail.com
Tue Feb 7 19:00:21 UTC 2012


>  I don't know whether that would be acceptable to controller authors
> and users.

I'm fine with a couple things...
* adding a tor provided blacklist
* adding a tor provided whitelist *if* Tor itself fails to start when
the torrc has an CookieAuthFile outside of that list and all versions
which allow for non-whitelisted files are flagged as obsolete

It would cause confusion for users to be able to define any arbitrary
cookie path in Tor, then have some controllers provide buggy looking
behavior by failing to authenticate.

As mentioned in irc this Safe Cookie proposal should also include the
deprecation of the current CookieAuthentication option. Otherwise a
malicious socket could simply claim to only support non-safe cookie
authentication to still trick controllers into divulging the cookie.
Users could tell their controller to only allow safe cookie auth but
in practice users, of course, won't do that.

Cheers! -Damian


More information about the tor-dev mailing list