joinmarket-clientserver
feature request: add support for tor HashedControlPassword authentication
TL;DR
Having support for HashedControlPassword authentication to the tor control port would be useful. The `MESSAGING:onion` section could have a new `tor_control_password` setting and use that if present or fall back to Cookie based auth if the setting is missing or empty.
rationale
The onion message channels currently support only Cookie based authentication, which precludes (or, technically, makes much more difficult) using a tor service running on another host / vm / container.
There could be a number of reasons to not want to have tor running alongside JoinMarket; in my case I want to have a number of services, like a bitcoin full node, a joinmarket yield generator, etc., running in isolated containers without any access to the internet, because I want all my traffic to go over tor.
This leads to these two issues:
- when there are other services that need to use tor, running in other systems / containers, it would be a waste for every one of them to have its own tor; they could all use a single tor accessed over the network
- if the services are supposed to only talk to the external world over tor, the network where services run would not have internet access (e.g. no router / gateway) to enforce that policy. A dual-headed system / container could run tor, listening for connections over one network and accessing the internet over a second network
For an actual example, my setup is using a `docker-compose.yml` along these lines:
```yaml
---
networks:
  wan:
    # this has internet access
  tor:
    # no internet access
    internal: true
services:
  tor:
    networks:
      - wan
      - tor
  bitcoin:
    # the full node
    networks:
      - tor
  joinmarket:
    # could be a tumbler (uses tor but doesn't need auth to control port)
    # or yield generator (does need to authenticate with tor control port)
    networks:
      - tor
```
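An added sketch of the two halves of the request, not part of the original issue and not JoinMarket code: the value tor expects in `HashedControlPassword` (the format `tor --hash-password` prints) and the password-first, cookie-fallback choice of `AUTHENTICATE` command. `tor_control_password` is the setting proposed above; the function names and sample values are hypothetical.

```python
import hashlib
import hmac
import os


def tor_hash_password(password: str, salt: bytes = b"") -> str:
    """Build the torrc HashedControlPassword value: 16:<salt><count byte><sha1>."""
    salt = salt or os.urandom(8)
    indicator = 0x60  # RFC 2440 iterated+salted S2K count byte used by tor
    count = (16 + (indicator & 15)) << ((indicator >> 4) + 6)  # 65536 bytes hashed
    unit = salt + password.encode()
    reps, rem = divmod(count, len(unit))
    digest = hashlib.sha1(unit * reps + unit[:rem]).digest()
    return "16:" + (salt + bytes([indicator]) + digest).hex().upper()


def check_password(hashed: str, password: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    raw = bytes.fromhex(hashed.split(":", 1)[1])
    return hmac.compare_digest(hashed.upper(), tor_hash_password(password, raw[:8]))


def authenticate_command(onion_cfg: dict, cookie: bytes = b"") -> str:
    """Use the proposed tor_control_password if set, else fall back to the cookie."""
    password = onion_cfg.get("tor_control_password", "")
    if password:
        # The control protocol takes the password as a quoted string.
        escaped = password.replace("\\", "\\\\").replace('"', '\\"')
        return f'AUTHENTICATE "{escaped}"\r\n'
    if not cookie:
        raise ValueError("no tor_control_password set and no cookie available")
    # Cookie auth sends the cookie file's bytes hex-encoded.
    return f"AUTHENTICATE {cookie.hex()}\r\n"


if __name__ == "__main__":
    secret = "example-control-password"  # constructed sample value
    print("torrc:  HashedControlPassword", tor_hash_password(secret))
    print("client:", authenticate_command({"tor_control_password": secret}).strip())
    print("client:", authenticate_command({}, cookie=bytes(32)).strip())
```

The control protocol itself is plaintext, so in the layout above the password crosses the `tor` network unencrypted and that network's isolation is what bounds its exposure.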