[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [gomd-devel] <IRC> interesting IRC chat session about gomd...

From: rbaardman
Subject: Re: [gomd-devel] <IRC> interesting IRC chat session about gomd...
Date: Fri, 26 Sep 2003 07:57:59 +0200
User-agent: Internet Messaging Program (IMP) 3.1



I had some thoughts on the authentication thing...and I discovered a leak :)
When someone sniffs and he sniffs the hash of the password (because that'll be 
over the network) he/she can open a telnet and just paste the password when 
asked for.
So it is not very secure. I came up with this sceme:

1) Connection is made
2) When Gomd is in "ultra-secure" mode, it sends a random phrase encrypted with 
user's password to the client. 
3) Only with the password this phrase can be decrypted.
4) Client tries to decrypt the phrase with the given password by the user
5) Client sends back the decrypted phrase.
6) Gomd verifies



Snel en voordelig ADSL nu voor iedereen bereikbaar.
Zon Breedband Budget voor EUR 14,95 per maand.
Nu tijdelijk geen aansluitkosten. Bestel snel op zonnet.nl/breedband

reply via email to

[Prev in Thread] Current Thread [Next in Thread]