Validation regex may be overly restrictive

[emkll]

We validate the auth token for the v3 onion service in:

securedrop-workstation/scripts/validate_config.py

Line 14 in bdd07b2

TOR_V3_AUTH_REGEX = r"^[A-Z2-7]{52}$"

I have recently set up an instance with v3 onion service, and the X25519 secret for the onion service had at least one 0 character in it, which may make the regex above overly restrictive.

[eloquence]

The client auth docs note that the v3 keys are to be formatted as base32. All publicly available docs suggest using the base32 utility, which implements the alphabet defined in RFC 4648. That in turn excludes 0 and 1. Following these docs I've not been able to create a key with a 0 or 1. Are you still able to reconstruct how and at which stage you saw a key with a 0 in it?

[eloquence]

The relevant code from securedrop-admin:
https://github.com/freedomofpress/securedrop/blob/427675858c49ef67573bb002b37fce06c029a84d/admin/securedrop_admin/__init__.py#L717-L718

This uses the base64.b32encode function, which also implements the alphabet specified here: https://tools.ietf.org/html/rfc3548.html#page-7

[eloquence]

Per discussion with @emkll closing for now until we see further evidence of such keys being generated.