[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable

From: Michal Nazarewicz
Subject: Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
Date: Sun, 01 May 2011 00:55:14 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/24.0 (Slckware Linux)

Juanma Barranquero <address@hidden> writes:

> On Fri, Apr 29, 2011 at 18:22, Stefan Monnier <address@hidden> wrote:
>> PS: emacsclient should really try not to send the key in cleartext, but
>> instead send something like "nonce,hash(nonce,key)".
> That's not hard to do, assuming that md5 is an acceptable hash
> (because we already include C and elisp implementation, unlike
> SHA-xx).

Depending on how paranoid are we, MD5 could feel too weak though.
(Also, one could wish for HMAC.)

> In the server side,
>   (unless (process-get proc :authenticated)
>     (if (or
>          ;; New method: -auth2 nonce md5(nonce . auth-key)
>          (and (string-match "-auth2 \\([!-~]+\\)
> \\([0-9a-f]\\{32\\}\\)\n?" string)
>               (string= (md5 (concat (match-string 1 string)
>                                     (process-get proc :auth-key)))
>                        (match-string 2 string)))
>          ;; Old method: -auth auth-key
>          (and (string-match "-auth \\([!-~]+\\)\n?" string)
>               (string= (match-string 1 string) (process-get proc :auth-key))))
>       (...set authenticated)
>       (...fail))

Actually, server would have to generate the nonce.  Otherwise, the
authentication scheme would be prone to replay attacks and would really
defy the purpose of nonce.

> but in the emacsclient side, if it sends -auth2 it won't be
> back-compatible with pre-24.1, and if it tries -auth, then -auth2,
> -auth2 is not really used beause -auth is always accepted. So the only
> ways I see to make this useful at all is to remove compatibility, or
> introduce some kind of version check, perhaps resurrecting the
> currently obsolete -version command:
>                 ;; -version CLIENT-VERSION: obsolete at birth.
>                 (`"-version" (pop args-left))

That would still break backward compatibility, wouldn't it?  The old
servers would not accept this command anyway.  Unless server would issue
it to client just after making connection.  From what I see, the old
clients would "only" print error message.

In the worst case, the client could first try the new authenticating
scheme and on error reconnect with the old scheme.

Best regards,                                          _     _
 .o. | Liege of Serenly Enlightened Majesty of       o' \,=./ `o
 ..o | Computer Science,  Michal "mina86" Nazarewicz    (o o)
 ooo +-<mina86-mina86.com>-<jid:mina86-jabber.org>--ooO--(_)--Ooo--

Attachment: pgp1sdj193qmy.pgp
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]