[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Please review README.Debian pkg documentation

Hi there!

I would like you to review the attached README.Debian file, containing a
few instructions and procedures targeted for end users (part of
'vidalia' pkg).

Thanks in advance!


Vidalia for Debian

 For the anxious and patienceless people

3 different ways of running Vidalia:

1. Re/Configure Vidalia not to let Tor start and simply start Vidalia.
2. Enable CookieAuthentication in tor's config, and grab 
    /var/lib/tor/control_auth_cookie    (RECOMMENDED for greater security)
3. Enable ControlPort and use HashedControlPassword from
    'tor --hash-password'.

 Full and complete explanation

Vidalia provides a GUI for the Tor software. 
That means that Vidalia needs to talk to the Tor software for configuring 
different aspects of the Tor Network, viewing its status at a glance, 
monitor its bandwidth usage, or just viewing logs between others

The component of the Tor software that Vidalia talks to is a daemon process,
which works on background without any user interaction required.

Vidalia supports three different ways of talking to Tor:

1. Letting Vidalia start Tor process on its own.

 ------>	"I want it, and I want it NOW!"

 This option is the simplest for end users. 

 This is the default option on debconf while configuring vidalia package, 
  handled in the debconf front-end to Vidalia, easily reconfigurable 
  by running 'dpkg-reconfigure vidalia' at any given time.

   *********************** FOR PARANOIDS ONLY ***************************
   |									|
   |									|
   |	In the remote and unlikely event of a bug existing in the 	|
   |	Tor routing algorithm or implementation itself, it might be  	|
   |	_relatively_ easy, or at least possible, for a remote user to	|
   |	gain access to the user's launching Vidalia data (an attack	|
   |	known as "privilege escalation")				|
   |									|
   |									|
   |	This will be much more difficult if you run Vidalia using any 	|
   |             of the two alternatives described below.		|
   |									|
   |									|
   |          ** Please consider using them if possible!!!! **		|
   |									|
   |									|
   *********************** FOR PARANOIDS ONLY ***************************

2. Enable Tor to use CookieAuthentication to communicate with Vidalia.

  * The best password is the one you don't have to know about *

 This method consists of a password-less authentication. This means 
  you won't have to remember any password, but you'll have to grab a 
  very important and *SECRET* file from your disc, called "Auth Cookie".

 To enable this profile, edit Tor's configuration file, by default at 
  '/etc/tor/torrc', add or uncomment the 'CookieAuthentication' value 
  setting it to 1.
 You will end up having something like this:

# grep Cookie /etc/tor/torrc
CookieAuthentication 1

 Now start/restart Tor daemon and start Vidalia from your regular X user.
 Vidalia will ask you for a "cookie file" at the next run:
   You will have to fetch the "cookie file" from your local filesystem,
    by default at '/var/lib/tor/control_auth_cookie'

            DO NOT share this file with anyone, Tor rests on it!

 This option might be simpler than all the others, but will require you
  to grab a different cookie file every time you restart the Tor process,
  in contrast to the next methods.

 This is my preferred and recommended method, simple and easy, no passwords.

3. Enable Tor to use a control port to communicate with Vidalia.

 Edit Tor configuration file, by default '/etc/tor/torrc', add or 
  uncomment the 'ControlPort 9051' option, and add the output 
  you get from tor to 'HashedControlPassword', as shown here:
# tor --hash-password SOME_PASSWORD_HERE
Sep 17 18:48:49.421 [notice] Tor v0.2.0.30 (r15956). This is experimental
software. Do not rely on it for strong anonymity. (Running on Linux x86_64)

 You will end having something like this:
# grep Control /etc/tor/torrc 
ControlPort 9051
HashedControlPassword 16:167F667A98F...4ACF029

 Now start/restart Tor daemon and start Vidalia from your regular X user.
 Vidalia will ask you for that password at the next run, in the example, 
  'SOME_PASSWORD_HERE' (as the phrase you pass it with --hash-password, 
  not the hash), and will start a secure authentication. That's all!

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: