tor/changes/safecookie

  o Security Features:
    - Provide controllers with a safer way to implement the cookie
      authentication mechanism. With the old method, if another locally
      running program could convince a controller that it was the Tor
      process, then that program could trick the contoller into
      telling it the contents of an arbitrary 32-byte file. The new
      "SAFECOOKIE" authentication method uses a challenge-response
      approach to prevent this. Fixes bug 5185, implements proposal 193.
Safe cookie authentication gets a changes file 2012-03-26 20:06:27 +02:00			`o Security Features:`
			`- Provide controllers with a safer way to implement the cookie`
			`authentication mechanism. With the old method, if another locally`
			`running program could convince a controller that it was the Tor`
			`process, then that program could trick the contoller into`
			`telling it the contents of an arbitrary 32-byte file. The new`
			`"SAFECOOKIE" authentication method uses a challenge-response`
			`approach to prevent this. Fixes bug 5185, implements proposal 193.`