Safe cookie authentication gets a changes file

2024-11-10 13:13:44 +01:00 · 2012-03-26 14:06:27 -04:00 · 2012-03-26 14:06:27 -04:00 · 9740f067c4
commit 9740f067c4
parent 6dcbfec82d
1 changed files with 9 additions and 0 deletions
--- a/changes/safecookie
+++ b/changes/safecookie
@ -0,0 +1,9 @@
+  o Security Features:
+    - Provide controllers with a safer way to implement the cookie
+      authentication mechanism. With the old method, if another locally
+      running program could convince a controller that it was the Tor
+      process, then that program could trick the contoller into
+      telling it the contents of an arbitrary 32-byte file. The new
+      "SAFECOOKIE" authentication method uses a challenge-response
+      approach to prevent this. Fixes bug 5185, implements proposal 193. 
+