Re: [gomd-devel] <IRC> interesting IRC chat session about gomd...

[Johnny Cache]

Thats a pretty novel authentication scheme, im curious what algorithm you
suggest to use for the encryption and how long should te random phrase be?
Crypto's not my strong point but ive seen a lot of things do it wrong and
wouldnt want that to happen to gomd. If i was a evil (rather than good :)
) hacker i'd be poring over every line of a daemon i knew would be running
on HPC's. Think of the bragging rights of saying you owned a N node
cluster. Eek!

I do like the overall scheme though

Best Regards
-jc


On Fri, 26 Sep 2003 address@hidden wrote:

> *snip(tm)*
>
> Hi,
>
> I had some thoughts on the authentication thing...and I discovered a leak :)
> When someone sniffs and he sniffs the hash of the password (because that'll 
> be sent
> over the network) he/she can open a telnet and just paste the password when 
> asked for.
> So it is not very secure. I came up with this sceme:
>
> 1) Connection is made
> 2) When Gomd is in "ultra-secure" mode, it sends a random phrase encrypted 
> with the
> user's password to the client.
> 3) Only with the password this phrase can be decrypted.
> 4) Client tries to decrypt the phrase with the given password by the user
> 5) Client sends back the decrypted phrase.
> 6) Gomd verifies
>
> cheers,
>
> Roeles
>
>
>
> --
> _____________________________________________________________________
> Snel en voordelig ADSL nu voor iedereen bereikbaar.
> Zon Breedband Budget voor EUR 14,95 per maand.
> Nu tijdelijk geen aansluitkosten. Bestel snel op zonnet.nl/breedband
>
>
>
> _______________________________________________
> gomd-devel mailing list
> address@hidden
> http://mail.nongnu.org/mailman/listinfo/gomd-devel
>