[crossfire] Challenge-Response login, proof of concept implementation ready

AnMaster anmaster at tele2.se
Tue Jun 10 12:57:51 CDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I have locally a proof of concept challenge-response login for use in crossfire (HMAC-SHA256).

However, how should it be added to the server protocol exactly, setup command? I'd prefer
upgrading the protocol version.

Backward compatibility would be supported by plain text login once and then upgrading the
password in the player file to store the "shared secret"; then HMAC-SHA256 would be used in
future to log in. I feel that it is less of an issue storing an unencrypted shared secret
on the server than, as we currently do, sending it in plain text over the network.

However I need some help from protocol experts here.

As a bonus, longer passwords than the current 8 chars will be possible.

If no one objects within a week (or a bit more as I will be away then, on a trip to
another part of Sweden) I'd like to go ahead with my fully own implementation even at
protocol level. This in order to avoid the whole thing just stalling and dying out.

Regards,

Arvid Norlander
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEAREKAAYFAkhOwJ0ACgkQWmK6ng/aMNkY3gCfaEipKeE06iH0pXBzIxnZTo6I
UMgAoJOTzrYMY8tCpm4QTSqJWTQ8brQf
=nBP+
-----END PGP SIGNATURE-----
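
The scheme described in the message above, as an added sketch that is not AnMaster's implementation or Crossfire code: one plaintext login upgrades the stored record to a shared secret, after which logins are HMAC-SHA256 responses to a fresh server challenge. The secret derivation, the record layout, the 32-byte challenge and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def derive_secret(password: str) -> bytes:
    # Assumption: the shared secret is a hash of the password, so the client
    # can recompute it and the server never has to keep the password itself.
    return hashlib.sha256(b"login-secret:" + password.encode()).digest()


def client_response(password: str, challenge: bytes) -> bytes:
    # Client side: prove knowledge of the secret without sending it.
    return hmac.new(derive_secret(password), challenge, hashlib.sha256).digest()


class Server:
    def __init__(self):
        self.players = {}  # name -> ("legacy", digest) or ("hmac", secret)
        self.pending = {}  # name -> outstanding single-use challenge

    def add_legacy_player(self, name, password):
        # Stand-in for an existing player file entry (constructed format).
        digest = hashlib.sha256(b"legacy:" + password.encode()).digest()
        self.players[name] = ("legacy", digest)

    def plaintext_login(self, name, password):
        # Backward-compatible path: accepted once, then the record is upgraded
        # and plaintext login is refused for that player from then on.
        kind, stored = self.players.get(name, (None, b""))
        digest = hashlib.sha256(b"legacy:" + password.encode()).digest()
        if kind != "legacy" or not hmac.compare_digest(stored, digest):
            return False
        self.players[name] = ("hmac", derive_secret(password))
        return True

    def new_challenge(self, name):
        # Fresh random challenge per attempt, so a sniffed response is useless later.
        self.pending[name] = secrets.token_bytes(32)
        return self.pending[name]

    def verify(self, name, response):
        challenge = self.pending.pop(name, None)  # consumed even on failure
        kind, secret = self.players.get(name, (None, b""))
        if challenge is None or kind != "hmac":
            return False
        expected = hmac.new(secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare
```

As the message acknowledges, the value stored on the server is itself sufficient to log in, so the player file needs the same protection a plaintext password would.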


