[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: auth handshake and rendevouz objects

From: Niels Möller
Subject: Re: auth handshake and rendevouz objects
Date: 05 Nov 2002 21:33:16 +0100
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2

Tom Hart <address@hidden> writes:

> I'm sure I'm being stupid, here, but is there any way that A can
> return a digitally-signed token to B, so that the protocol becomes:

You can use cryptography. You don't need any public-key cryptography,
though. Let S have a random secret key K which it keeps to itself
(generated at process startup, so it need not be stored anywhere, or
ever transferred).

1.   A->S:      I want to give handle x to B.
2.   S<-A:      Here's a token T. S computes T as
                <A, B, S, x, HMAC-SHA1(key, A, B, S, x>
3.   A->B:      Please use this token T to get the handle x.
4.    B->S:     Please give me a handle in return for this token.
5.    S->B:     Ok. (After verifying the MAC and contents):
6.   B->A:      Thanks. Got it now.

And as Markus said, you can replace the HMAC with just a sufficiently
large random number, if you put some more state in S. Another tricky
detail is that with this scheme, you can't reuse the values of x, and
if it's possible that x ever rolls over, S needs to generate a new key
before that happens.

But using crypto is certainly possible, but it's also overkill for
this problem.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]