socketServer questions

[Paul Rubin]

rbt <rbt at athop1.ath.vt.edu> writes:
> Off-topic here, but you've caused me to have a thought... Can hmac be
> used on untrusted clients? Clients that may fall into the wrong hands?
> How would one handle message verification when one cannot trust the
> client? What is there besides hmac? Thanks, rbt

I don't understand the question.  HMAC requires that both ends share a
secret key; does that help?  What do you mean by verification?  Do you
mean you want to make sure that's really Bob logging into your
computer, even when Bob might have intentionally given his password to
someone else?  It sounds like you want something like DRM.  What
exactly are you trying to do?