Opened 9 years ago

Closed 9 years ago

#652 closed enhancement (fixed)

Console authentication improvements

Reported by: Roland Häder Owned by: zzz
Priority: minor Milestone: 0.9.4
Component: apps/console Version: 0.9
Keywords: Cc:
Parent Tickets: Sensitive: no


Please try to add a feature that allows protection of the router by e.g. HTTP sessions which could prevent third persons (e.g. running the i2p router at a remote server means that the local administrator can access it) or even your family-mates from accessing it.


Change History (8)

comment:1 Changed 9 years ago by Eche|on

Resolution: fixed
Status: newclosed


Look into the FAQ, it is present since a few years.


comment:2 Changed 9 years ago by zzz

Component: router/generalapps/console

Although it would be nice to get this added to /configui so you don't need advanced config … good noobie project

comment:3 Changed 9 years ago by Roland Häder

The password is stored in clear text in ~/.i2p/router.config, which means no better security. The local admin/family/room mates (="attacker") can read that file. :( Okay, the attacker may shutdown the computer manually, remove the hard drive, plug it into another computer and mount it (e.g. to /mnt/) then he can read the password from the said file.

comment:4 Changed 9 years ago by Roland Häder

Or use an external boot medium like CD/USB stick and mount the hard drive as root. …

comment:5 Changed 9 years ago by Eche|on

Component: apps/consoleother
Resolution: fixed
Status: closedreopened
Summary: Protect i2p router (http://localhost:7657) by loginEncrypt all saved data on harddrive


I2P is not a tool to protect data on your data on your harddrive against people with physical access to your system.
With physcial access everyone can access your data on your system also, which tells you: they can read your data in I2P folder, too. In this case a encrypted, saved password for console is useless, too.
Nevertheless a encryption for saved data could be useful. But not really on a high importance.
Use e.g. TrueCrypt? or different tools for file encryption on your harddrive in between.


comment:6 Changed 9 years ago by zzz


I don't know about encrypting everything, but it's a fair suggestion that we at least salt and hash the passwords in the config file.

Right now we do, at least, set almost all saved files to mode 600.

comment:7 Changed 9 years ago by zzz

Component: otherapps/console
Owner: set to zzz
Status: reopenedaccepted

As described in #731 I'm going to try to implement password salting and hashing in 0.9.4.

comment:8 Changed 9 years ago by zzz

Resolution: fixed
Status: acceptedclosed
Summary: Encrypt all saved data on harddriveConsole authentication improvements

In 0.9.3-1:

  • Console auth changed from basic to digest
  • No longer saved as plain text in router.config
  • HTTP proxy auth changed from basic to digest
  • No longer saved as plain text in i2ptunnel.config
  • New console password form on /configui.jsp
Note: See TracTickets for help on using tickets.