Hey all,
when running obfsproxy with scramblesuit in unmanaged mode (e.g. to obfuscate non-Tor traffic) the UniformDH password is passed in command line like this:
obfsproxy scramblesuit --password=W3ECD5GOYU5AAW4G35GSH5QXIHSRBU2X
The problem with this is that the password is visible in the system's process list.
Do you think it would make sense to add an argument like "--password-file", so as scramblesuit can fetch the password from a file? Any caveats?
Although this is not related to the Tor ecosystem, i think it would be useful.
Cheers, Alex
On Tue, 20 May 2014 18:25:46 +0300 irregulator@riseup.net wrote:
Hey all,
when running obfsproxy with scramblesuit in unmanaged mode (e.g. to obfuscate non-Tor traffic) the UniformDH password is passed in command line like this:
obfsproxy scramblesuit --password=W3ECD5GOYU5AAW4G35GSH5QXIHSRBU2X
The problem with this is that the password is visible in the system's process list.
Do you think it would make sense to add an argument like "--password-file", so as scramblesuit can fetch the password from a file? Any caveats?
Although this is not related to the Tor ecosystem, i think it would be useful.
Indeed, we have a bug open for this.
https://trac.torproject.org/projects/tor/ticket/8040
I think using `setproctitle` to modify what appears on the system process list may be a better general solution (and it would let us do things like showing `obfsproxy: obfs3,scramblesuit` in the managed use case as well which I think is cute, if not massively useful.
As an added bonus it is a general solution that's more futureproof.
Regards,
-
irregulator@riseup.net -
Yawning Angel