safecookie 506 B

123456789
  1. o Security Features:
  2. - Provide controllers with a safer way to implement the cookie
  3. authentication mechanism. With the old method, if another locally
  4. running program could convince a controller that it was the Tor
  5. process, then that program could trick the contoller into
  6. telling it the contents of an arbitrary 32-byte file. The new
  7. "SAFECOOKIE" authentication method uses a challenge-response
  8. approach to prevent this. Fixes bug 5185, implements proposal 193.