You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Can you provide more details on the design pattern around the control_auth_cookie part of the API? Is this something that the user enters and how do they get this cookie? Or is this something that TOR provides and the UI needs to be able to access and provide back to the TOR controller to gain access to the Tor controller?
Sorry, this might be a newbie question: I am new to TOR
The text was updated successfully, but these errors were encountered:
I haven't looked at Tor.framework's control auth cookie bits in a while, so this is going to be more about the control port and auth cookies in general:
Basically, the way you interact with the internal Tor process is via the "control port". The protocol there is basically just telnet. There's a good (but somewhat out of date) intro to the control port here: http://www.thesprawl.org/research/tor-control-protocol/
(If you're really unfamiliar with tor, on non-iOS platforms the tor client is usually run as a daemon or as subprocess of another app — Tor Browser on desktops launches it's own copy of the internal tor command-line client in this manner. So you need the control port as a way for your app to communicate with Tor and manage what it's doing.)
Tor has a few ways of authenticating access to the control port (so users that can talk to that port can't alter Tor settings without proving they have access). Either a password is hard-coded into Tor's config (HashedControlPassword), or you let Tor randomly generate a password which it writes to a file for you (CookieAuthentication). By default, the cookie auth method writes to a file called control_auth_cookie inside the data directory that tor is using. (Hence the example code reads that NSData from <data_directory>/control_auth_cookie.)
In either case, this value (the hashed password or the cookie) is passed into the AUTHENTICATE command (see that guide I linked to above).
On iOS, using the cookie authentication method is convenient because app file storage is strictly sandboxed (so you're somewhat protected against another app which may try to talk to your control port).
Anyway, this is not something the user will enter in; it is an implementation detail for a tor-using app that needs to communicate with a tor process.
Can you provide more details on the design pattern around the control_auth_cookie part of the API? Is this something that the user enters and how do they get this cookie? Or is this something that TOR provides and the UI needs to be able to access and provide back to the TOR controller to gain access to the Tor controller?
Sorry, this might be a newbie question: I am new to TOR
The text was updated successfully, but these errors were encountered: