Add message directing users to security guide
Addresses #2142, which was blocking on updates to zcash/support/security.html. That page has now been added, so this message directing users to the site can be included.
It displays in the zcash-cli --help and --version message text, and on the zcashd metrics screen.
When generating a new service key, explicitly request a RSA1024 one.
The bitcoin P2P protocol has no support for the longer hidden service names
that will come with ed25519 keys, until it does, we depend on the old
hidden service type so make this explicit.
See #9214.
> This new feature is enabled by default if Bitcoin Core is listening, and a connection to Tor can be made. It can be configured with the -listenonion, -torcontrol and -torpassword settings. To show verbose debugging information, pass -debug=tor.
But it is correct to say that the feature is enabled *regardless* of whether a connection to Tor can be made.
I propose to clarify that so that users can eliminate these in their logs (when `listen=1` and no Tor).
And I think it's okay to clarify about the `listen` option, because on several occasions when I read this before I always assumed `listening` meant `server=1` which cost me a lot of time in troubleshooting.
```
2016-10-24 06:19:22.551029 tor: Error connecting to Tor control socket
2016-10-24 06:19:22.551700 tor: Not connected to Tor control port 127.0.0.1:9051, trying to reconnect
```
0.12.1
Change authentication order to make it more clear (see #7700).
- If the `-torpassword` option is provided, force use of
`HASHEDPASSWORD` auth.
- Give error message if `-torpassword` provided, but
`HASHEDPASSWORD` auth is not available.
- Give error message if only `HASHEDPASSWORD` available, but
`-torpassword` not given.
Tor Browser Bundle spawns the Tor process and listens on port 9150, it doesn't randomly pick a port.
[ci skip]
(cherry picked from commit 1b63cf98347b2a62915425576930f55c2126c2ff)
It looks like, TorController::disconnected_cb(TorControlConnection&
conn) gets called multiple times which results in multiple event_new().
Avoid this by creating the event only once in the constructore, and
deleting it only once in the destructor (thanks to Cory Fields for the
idea).
Replaces the fix by Jonas Schnelli in #7610, see discussion there.
This corrects a bug the case of tying group size where the code may
fail to select the group with the newest member. Since newest time
is the final selection criteria, failing to break ties on it
on the step before can undermine the final selection.
Tied netgroups are very common.
With automatic tor HS support in place we should probably not be providing
absolute protection for local peers, since HS inbound could be used to
attack pretty easily. Instead, this counts on the latency metric inside
AttemptToEvictConnection to privilege actually local peers.
Adds 127.0.0.1:9050 for the .onion proxy if we can succesfully connect
to the control port.
Natural followup to creating hidden services automatically.
- Force AUTHCOOKIE size to be 32 bytes: This provides protection against
an attack where a process pretends to be Tor and uses the cookie
authentication method to nab arbitrary files such as the
wallet
- torcontrol logging
- fix cookie auth
- add HASHEDPASSWORD auth, fix fd leak when fwrite() fails
- better error reporting when cookie file is not ok
- better init/shutdown flow
- stop advertizing service when disconnected from tor control port
- COOKIE->SAFECOOKIE auth
Starting with Tor version 0.2.7.1 it is possible, through Tor's control socket
API, to create and destroy 'ephemeral' hidden services programmatically.
https://stem.torproject.org/api/control.html#stem.control.Controller.create_ephemeral_hidden_service
This means that if Tor is running (and proper authorization is available),
bitcoin automatically creates a hidden service to listen on, without user
manual configuration. This will positively affect the number of available
.onion nodes.
- When the node is started, connect to Tor through control socket
- Send `ADD_ONION` command
- First time:
- Make it create a hidden service key
- Save the key in the data directory for later usage
- Make it redirect port 8333 to the local port 8333 (or whatever port we're listening on).
- Keep control socket connection open for as long node is running. The hidden service will
(by default) automatically go away when the connection is closed.
Nathan Wilcox
zkbot
Daira Hopwood
str4d
Jack Grigg
Pavel Janík
Wladimir J. van der Laan
unsystemizer
Nathaniel Mahieu
Adam Brown
Jonas Schnelli
Patrick Strateman
Gregory Maxwell
calebogden
MarcoFalke
Daniel Cousens
Peter Todd
Matt Quinn