id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	launchpad_bug
1802	make new introducer furls unguessable	davidsarah	warner	"In [source:src/allmydata/introducer/server.py], new introducer furls are created with the guessable swissnum ""introducer"".

New furls should instead be created as random, by omitting the {{{""introducer""}}} argument to [http://foolscap.lothar.com/docs/api/foolscap.pb.Tub-class.html#registerReference tub.registerReference] and using {{{
furlFile=os.path.join(self.basedir, ""private"", ""introducer.furl"")
}}} instead. Existing furls will not change because {{{introducer.furl}}} will already exist, so this is backward-compatible.

The full security benefit is not obtained without #860, but there's no reason to continue generating guessable furls for new introducers in the meantime."	defect	closed	major	1.10.0	code-nodeadmin	1.9.2	fixed	introducer furl security easy forward-compatibility