Send password over TCP connection
Laszlo Zsolt Nagy
gandalf at designaproduct.biz
Mon Oct 10 13:48:13 EDT 2005
How about an OTP (One Time Password) algorithm? It is described in RFC2289.
http://www.faqs.org/rfcs/rfc2289.html
I have a working implementation in Messlib. You can download it an look
at the "MessageSocket.SecureMessageSocket" class.
That is a modified version where a good random generator is used instead
of a finite sequence of passwords.
But it is just example implementation - you can get the idea there and
develop your own. In fact, my class also has support for
encrypting the communication channel, but the OTP algorithm itself only
requires a cryptographically secure hash algorithm and a
good random number generator. These are all included in Python. ;-)
I also tried to use SSL before, but I realized that for "secure
password" type authentication, OTP is much easier to understand and
use. Of course, SSL can be used for securing the communication line
WITHOUT AUTHENTICATION, and it is harder to understand
and use.
Best,
Les
More information about the Python-list
mailing list