nanogui: Access control
Subject:
Re: Access control
From:
Alan Cox ####@####.####
Date:
14 Dec 2000 10:42:07 -0000
Message-Id: <E146VvB-00047L-00@the-village.bc.nu>
> So you're saying that all the existing protocols which use hashed or
> encrypted authentication but not actual session encryption (kerberos,
> etc.) are no better than ones which use plaintext authentication?
Unless they use the hash to protect all the data - pretty much.
What does work with your challenge/response type scheme is to always send
MD5sum(data_block, secret) with each 'packet' or 'packet group'. For
performance you may want to bundle stuff and send a block of messages together
with one MD5 hash for the set.
I used to use this for a pile of code because it was authentication not
encryption and therefore had no (old) US export issues. I still use a variant
of it for giving web browsers tamperproof cookies