[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [Auth]Draft Spec: Implementation of Gelernter Cyberbodies

From: Carsten Kuckuk
Subject: AW: [Auth]Draft Spec: Implementation of Gelernter Cyberbodies
Date: Wed, 18 Jul 2001 13:28:15 +0200


I am not an expert on security, nor distributed systems, but... why don't
add a little more security to 'cyberbodies', suppouse a cracker sniffes your

What I wrote down was just a first sh*tty draft. In the real production
system, authorization has to be done by a challenge response system.
My personal preference would be digest authentication. The server
would send a unique piece of text (the date and time, for example),
and the client would calculate MD5(password+MD5(password+date+time))
and send this back to the server. This is replay-safe, etc. There
was a discussion about how to do digest authentication correctly on
Bugtraq a few days ago.

>> If it makes no sense, please excuse wasting time...

It makes perfect sense, it is not a waste of time at all. It's just
that I wanted to stay focused on the general ideas, and not get
sidetracked into implementation details early on.

Carsten Kuckuk

reply via email to

[Prev in Thread] Current Thread [Next in Thread]