diff options
Diffstat (limited to 'changes')
| -rw-r--r-- | changes/safecookie | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/changes/safecookie b/changes/safecookie new file mode 100644 index 000000000..fd7d7af2b --- /dev/null +++ b/changes/safecookie @@ -0,0 +1,9 @@ + o Security Features: + - Provide controllers with a safer way to implement the cookie + authentication mechanism. With the old method, if another locally + running program could convince a controller that it was the Tor + process, then that program could trick the contoller into + telling it the contents of an arbitrary 32-byte file. The new + "SAFECOOKIE" authentication method uses a challenge-response + approach to prevent this. Fixes bug 5185, implements proposal 193. + |