Send password over TCP connection

Dan Stromberg strombrg at dcs.nac.uci.edu
Mon Oct 10 17:40:24 EDT 2005


On Mon, 10 Oct 2005 14:29:20 -0700, dcrespo wrote:

> ¡Beautiful and elegant solution!
> 
> Two copies of the password: one on the client, the other on the server.
> 
> 1. Client wants to connect
> 2. Server generates a random_alphanumeric_string and sends it to the
> client
> 3. Both Client and Server create a hash string from
> <password+random_alphanumeric_string>
> 4. Client sends the hash string to the server
> 5. Server compares his hash result with the hash string received from
> the client.
> 
> I think it is a very good solution, isn't it?

Sounds like it, but how is it different from what I just described?  :)

Oh, also, I'm not 100% sure how much the alphanumeric part impacts things.  You
may or may not get a better result by using a random string with all bits
random, not just the bits that vary in ASCII for letters and numbers.

Anyway, for an example of this sort of thing, you might look over my
fallback-reboot program at
http://dcs.nac.uci.edu/~strombrg/fallback-reboot/

It uses RIPEMD-160 for the hash.

The server side is in C (to reduce dependencies to a bare minimum), but
the client side is in Python (for convenience).
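
The five steps quoted above, as an added Python example that is not part of the original post and is not taken from fallback-reboot. It assumes HMAC-SHA256 keyed with the password in place of a plain hash of password+random string (and in place of RIPEMD-160), a 32-byte challenge with all bits random, and hypothetical names `make_response` and `ChallengeServer`; the password is a constructed sample value.

```python
import hashlib
import hmac
import secrets


def make_response(password: bytes, challenge: bytes) -> bytes:
    """Client side: prove knowledge of the password for this challenge only."""
    # Assumption of this example: HMAC-SHA256 keyed with the shared password
    # stands in for the thread's hash(password + random_string).
    return hmac.new(password, challenge, hashlib.sha256).digest()


class ChallengeServer:
    """Server side of the five steps in the quoted message."""

    def __init__(self, password: bytes):
        self._password = password
        self._outstanding = set()  # challenges issued but not yet answered

    def new_challenge(self) -> bytes:
        # Step 2: 32 bytes with every bit random, not just letters and digits.
        challenge = secrets.token_bytes(32)
        self._outstanding.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        # A challenge is single-use, so a recorded exchange cannot be replayed.
        if challenge not in self._outstanding:
            return False
        self._outstanding.discard(challenge)
        expected = make_response(self._password, challenge)  # step 3, server
        # Step 5: constant-time comparison avoids leaking how many bytes match.
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    password = b"constructed-sample-password"  # constructed sample value
    server = ChallengeServer(password)
    c1 = server.new_challenge()
    r1 = make_response(password, c1)  # steps 3 and 4, client
    results = {"valid_login": server.verify(c1, r1)}
    results["same_exchange_replayed"] = server.verify(c1, r1)
    c2 = server.new_challenge()
    results["old_response_new_challenge"] = server.verify(c2, r1)
    c3 = server.new_challenge()
    results["wrong_password"] = server.verify(c3, make_response(b"guess", c3))
    return results


if __name__ == "__main__":
    print(demo())
```

The server still has to hold the password (or an equivalent secret) in recoverable form, and anyone who records a challenge and its response can test password guesses offline, so the password needs high entropy.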



