[Lists] [Configure] [<<] [<] [by Thread] [by Date] [>] [>>] [Months] [Search] [eSubscribe] News Feed

nanogui: Access control

Previous by date: 14 Dec 2000 10:42:07 -0000 Re: Access control, Alex Holden
Next by date: 14 Dec 2000 10:42:07 -0000 Re: Access control, Morten Rolland
Previous in thread: 14 Dec 2000 10:42:07 -0000 Re: Access control, Alex Holden
Next in thread: 14 Dec 2000 10:42:07 -0000 Re: Access control, Morten Rolland
Subject: Re: Access control
From: Alan Cox ####@####.####
Date: 14 Dec 2000 10:42:07 -0000
Message-Id: <E146VvB-00047L-00@the-village.bc.nu> 
> So you're saying that all the existing protocols which use hashed or
> encrypted authentication but not actual session encryption (kerberos,
> etc.) are no better than ones which use plaintext authentication?

Unless they use the hash to protect all the data - pretty much.

What does work with your challenge/response type scheme is to always send

MD5sum(data_block, secret) with each 'packet' or 'packet group'. For 
performance you may want to bundle stuff and send a block of messages together
with one MD5 hash for the set.

I used to use this for a pile of code because it was authentication not
encryption and therefore had no (old) US export issues. I still use a variant
of it for giving web browsers tamperproof cookies
Previous by date: 14 Dec 2000 10:42:07 -0000 Re: Access control, Alex Holden
Next by date: 14 Dec 2000 10:42:07 -0000 Re: Access control, Morten Rolland
Previous in thread: 14 Dec 2000 10:42:07 -0000 Re: Access control, Alex Holden
Next in thread: 14 Dec 2000 10:42:07 -0000 Re: Access control, Morten Rolland
[Lists] [Configure] [<<] [<] [by Thread] [by Date] [>] [>>] [Months] [Search] [eSubscribe] News Feed
Powered by ezmlm-browse 0.20.