@@ -0,0 +1,9 @@
+ o Security Features:
+ - Provide controllers with a safer way to implement the cookie
+ authentication mechanism. With the old method, if another locally
+ running program could convince a controller that it was the Tor
+ process, then that program could trick the contoller into
+ telling it the contents of an arbitrary 32-byte file. The new
+ "SAFECOOKIE" authentication method uses a challenge-response
+ approach to prevent this. Fixes bug 5185, implements proposal 193.
+
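Review bot: "contoller" in the line "then that program could trick the contoller into" is a typo for "controller" and should be fixed before this entry is merged into the ChangeLog. The entry also names the new method ("SAFECOOKIE") but refers to the existing one only as "the old method"; naming that method explicitly would let controller authors tell which authentication method they should stop relying on. Finally, the entry says what the challenge-response approach prevents but not what a controller has to do to benefit from it; one more sentence stating whether controllers must opt in to "SAFECOOKIE" would make the security impact clearer to readers of the release notes.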