dotgnu-auth

AW: [Auth]Draft Spec: Implementation of Gelernter Cyberbodies


From: Carsten Kuckuk
Subject: AW: [Auth]Draft Spec: Implementation of Gelernter Cyberbodies
Date: Wed, 18 Jul 2001 13:28:15 +0200

Joan,

>>>>>
I am not an expert on security, nor distributed systems, but... why don't
you add a little more security to 'cyberbodies'? Suppose a cracker sniffs your
URLs+user+password...
<<<<<

What I wrote down was just a first sh*tty draft. In the real production
system, authorization has to be done by a challenge response system.
My personal preference would be digest authentication. The server
would send a unique piece of text (the date and time, for example),
and the client would calculate MD5(password+MD5(password+date+time))
and send this back to the server. This is replay-safe, etc. There
was a discussion about how to do digest authentication correctly on
Bugtraq a few days ago.

>> If it makes no sense, please excuse wasting time...

It makes perfect sense, it is not a waste of time at all. It's just
that I wanted to stay focused on the general ideas, and not get
sidetracked into implementation details early on.

Carsten Kuckuk
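The exchange sketched above, as an added example that is not part of the original message or of the DotGNU project: the server issues a challenge built from the date and time, the client answers with MD5(password+MD5(password+challenge)), and the server recomputes the same value from its copy of the password. What actually makes such a scheme resistant to replay is not the digest but the server's bookkeeping, so the example goes slightly beyond the message: each challenge is accepted at most once and expires after a fixed lifetime, and a few random bytes are appended so that two logins in the same second do not share a challenge. The `Server` class, `compute_response`, the 60-second lifetime, the user "joan" and the password and timestamp values are all constructed for the illustration. Note also that the scheme as described requires the server to hold the cleartext password (or something from which the digest can be computed), which is part of what a production design would have to weigh.

```python
import hashlib
import hmac
import secrets
import time


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def compute_response(password: str, challenge: str) -> str:
    """Client side: MD5(password + MD5(password + challenge)), as sketched in the message."""
    inner = md5_hex(password.encode() + challenge.encode())
    return md5_hex(password.encode() + inner.encode())


class Server:
    """Hypothetical server side of the challenge-response exchange (not DotGNU code)."""

    def __init__(self, users, lifetime=60.0):
        # The scheme as described needs the password itself on the server side.
        self.users = dict(users)          # username -> password
        self.outstanding = {}             # challenge -> (username, issued_at)
        self.lifetime = lifetime          # seconds a challenge stays valid (assumed value)

    def issue_challenge(self, username, now=None):
        now = time.time() if now is None else now
        # Date and time as in the message, plus random bytes (assumption beyond the
        # original) so that two logins in the same second get distinct challenges.
        stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(now))
        challenge = stamp + ":" + secrets.token_hex(8)
        self.outstanding[challenge] = (username, now)
        return challenge

    def verify(self, username, challenge, response, now=None):
        now = time.time() if now is None else now
        # One-shot: popping the challenge means a replayed (challenge, response) pair fails.
        entry = self.outstanding.pop(challenge, None)
        if entry is None:
            return False
        issued_for, issued_at = entry
        if issued_for != username or now - issued_at > self.lifetime:
            return False
        password = self.users.get(username)
        if password is None:
            return False
        expected = compute_response(password, challenge)
        # Constant-time comparison so the check itself does not leak digest prefixes.
        return hmac.compare_digest(expected, response)


def run_exchange():
    """Constructed exchange: one honest login, then three things a sniffer might try."""
    server = Server({"joan": "correct horse"})
    t0 = 995455695.0  # constructed timestamp, arbitrary

    # 1. Server -> client: challenge.  2. Client -> server: username and digest.
    challenge = server.issue_challenge("joan", now=t0)
    response = compute_response("correct horse", challenge)
    first = server.verify("joan", challenge, response, now=t0 + 1)

    # 3. Attacker replays the sniffed (challenge, response) pair.
    replay = server.verify("joan", challenge, response, now=t0 + 2)

    # 4. Attacker obtains a fresh challenge but only has a guessed password.
    challenge2 = server.issue_challenge("joan", now=t0 + 3)
    wrong = server.verify("joan", challenge2,
                          compute_response("guess", challenge2), now=t0 + 4)

    # 5. A correct answer arriving after the challenge lifetime is rejected.
    challenge3 = server.issue_challenge("joan", now=t0 + 5)
    stale = server.verify("joan", challenge3,
                          compute_response("correct horse", challenge3), now=t0 + 500)

    return {"first": first, "replay": replay, "wrong_password": wrong, "stale": stale}


if __name__ == "__main__":
    for name, ok in run_exchange().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

Without the `outstanding` table and the lifetime check, a sniffed (challenge, response) pair would be accepted again for as long as the server kept issuing the same date-and-time string, so the replay resistance lives in that server-side state, not in the choice of hash.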


