Opened 3 years ago

Last modified 2 years ago

#19777 new defect

tor-gencert should warn nicely when PEM passphrases are too short

Reported by: isis Owned by:
Priority: Very Low Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Minor Keywords: gencert tor-dirauth usability annoyance
Cc: Actual Points:
Parent ID: Points: 1
Reviewer: Sponsor:

Description

If you do $ ./src/tools/tor-gencert --create-identity-key and then give a horribly insecure passphrase like "tor" as the passphrase to the PEM certificate, tor-gencert will give this rather cryptic error message:

Jul 28 18:46:45.709 [err] Couldn't write identity key to ./authority_identity_key
Jul 28 18:46:45.710 [err] crypto error while Writing identity key: problems getting password (in PEM routines:PEM_def_callback)
Jul 28 18:46:45.710 [err] crypto error while Writing identity key: read key (in PEM routines:DO_PK8PKEY)

It would be nice if instead it just said "I require a passphrase with a minimum of 8 characters!" or something like that.

Child Tickets

Change History (6)

comment:1 Changed 3 years ago by nickm

I think those messages come from openssl. We could switch to use readpassphrase instead, I guess.

comment:2 Changed 3 years ago by nickm

Milestone: Tor: 0.2.???

I'd take a patch here if somebody writes a good one.

comment:3 Changed 3 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:4 Changed 3 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:5 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:6 Changed 2 years ago by nickm

Keywords: tor-dirauth usability annoyance added
Note: See TracTickets for help on using tickets.