Skip to content
Snippets Groups Projects
Closed Spec doesn't mention password quotes
  • View options

    • Spec doesn't mention password quotes

    • View options
    • Closed created by Damian Johnson

    Section 5.1 of the control-spec [1] provides a nice description of authentication, but doesn't mention how to handle quotes in the password. Unsurprisingly controllers are expected to provide escaped quotes...

    atagar@morrigan:~$ tor --hash-password "this has a \" in it"
  16:E6DC1BCEDF55EDCA607ADDB8781795772E42AAC75F7B7630B6227232E4

atagar@morrigan:~$ telnet localhost 9051
  Connected to localhost.
  AUTHENTICATE "this has a \" in it"
  250 OK

    I'm gonna guess that only quotes should be escaped by controllers.

    I've been finding it a little frustrating to figure out when and what escaping is expected so I'm generally working from the assumption that I should ignore escaping unless specifically called out by the spec (like it is for authentication cookie paths, though that wasn't enough to work from alone [2]).

    Cheers! -Damian

    [1] https://gitweb.torproject.org/torspec.git/blob/HEAD:/control-spec.txt#l1924 [2] https://gitweb.torproject.org/stem.git/blob/HEAD:/stem/socket.py#l54

    Attributes

    Assignees

    Nick Mathewson

    Labels

    Bug Relay Specifications

    Milestone

    None

    Dates

    Start: None

    Due: None

    Time tracking

    No estimate or time spent

    Activity

    • All activity
    • Comments only
    • History only
    • Newest first
    • Oldest first