[crossfire] Challenge-Response login, proof of concept implementation ready
Jochen Suckfüll
crossfire at suckfuell.net
Tue Jun 10 15:17:18 CDT 2008
Hello!
AnMaster <anmaster at tele2.se> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Rick Tanner wrote:
> | AnMaster wrote:
> | |
> | | Backward compatibility would be supported by plain text login
> once and | then upgrade
> | | password in player file to store the "shared secret", then
> HMAC-SHA256 | would be used in
> | | future to log in. I feel that it is less of an issue storing an
> | unencrypted shared secret
> | | on the server than, as we currently do, sending it in plain text
> over | network.
> |
> | What about password resets in cases where a player returns from a
> long | hiatus and can't remember their password?
> |
> | Under the current system, a person with server/shell access can
> reset | that players password. Would this new system prevent this?
> |
> No. As it is a shared secret, it would actually have to be stored in
> plain text on the server, (still less of an issue than sending it
> unencrypted, or if that is considered a very bad issue, I could use a
> more sophisticated protocol, like that SSH uses).
>
> And yes resetting password on server would be possible both ways.
There's no reason to store a plaintext password. You can apply the hash
function right away when the password was entered. This would be done
both in the client when the player logs in and in on the server side
when the password is reset (e.g. by using a DM command).
Of course someone with shell access could still steal that hash sum.
But he still doesn't know the password to log in (using an unpatched
client). OTOH it's out of the scope here to implement a protection from
someone that has a shell access to the server.
Jochen
More information about the crossfire
mailing list