[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [gomd-devel] <IRC> interesting IRC chat session about gomd...
|
From: |
rbaardman |
|
Subject: |
Re: [gomd-devel] <IRC> interesting IRC chat session about gomd... |
|
Date: |
Fri, 26 Sep 2003 07:57:59 +0200 |
|
User-agent: |
Internet Messaging Program (IMP) 3.1 |
*snip(tm)*
Hi,
I had some thoughts on the authentication thing...and I discovered a leak :)
When someone sniffs and he sniffs the hash of the password (because that'll be
sent
over the network) he/she can open a telnet and just paste the password when
asked for.
So it is not very secure. I came up with this sceme:
1) Connection is made
2) When Gomd is in "ultra-secure" mode, it sends a random phrase encrypted with
the
user's password to the client.
3) Only with the password this phrase can be decrypted.
4) Client tries to decrypt the phrase with the given password by the user
5) Client sends back the decrypted phrase.
6) Gomd verifies
cheers,
Roeles
--
_____________________________________________________________________
Snel en voordelig ADSL nu voor iedereen bereikbaar.
Zon Breedband Budget voor EUR 14,95 per maand.
Nu tijdelijk geen aansluitkosten. Bestel snel op zonnet.nl/breedband