[crossfire] Challenge-Response login, proof of concept implementation ready

Mark Wedel mwedel at sonic.net
Sat Jun 14 15:11:57 CDT 2008


AnMaster wrote:
> I have locally a proof of concept challenge-response login for use in crossfire (HMAC-SHA256).
> 
> However how should it be added to server protocol exactly, setup command? I'd prefer
> upgrading protocol version.

  Depends on a few things.  Do you expect this change to only be in the trunk, 
or also backport to the stable release?

  If only in the trunk, then perhaps increasing the protocol version, and making 
that the only supported authentication method in fairly short order may be the 
right thing to do.  For the trunk, we are not guaranteeing a lot of backwards 
compatibility.

  However, the stable release does guarantee some level of backwards 
compatibility.  The problem with the protocol version (and why setup is often 
used instead) is that with just a number, it is not clear what has changed and 
if in fact an old client can operate on that newer server.

  Also, before committing any changes, the proposed protocol changes should be 
documented (like the current protocol commands - what does the server & client 
send to each other).  That provides more concrete examples of how the changes 
will be implemented, and allows for better/more meaningful conversation.

> 
> Backward compatibility would be supported by plain text login once and then upgrade
> password in player file to store the "shared secret", then HMAC-SHA256 would be used in
> future to log in. I feel that it is less of an issue storing an unencrypted shared secret
> on the server than, as we currently do, sending it in plain text over network.

  Almost certainly true - file access controls on the server itself can still be 
used to prevent unauthorized folks from looking at the player files.  And for 
many systems, the password actually is stored in plain text (look at the #if in 
crypt_string())

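The exchange the thread is discussing, written out as an added example so both sides of the protocol are concrete. This is not Crossfire code and not AnMaster's proof of concept; it assumes a player record that still holds a plain-text password (as crypt_string() may store it), that the password bytes become the stored shared secret on the first successful plain-text login, that challenges are 32 random bytes sent hex-encoded, and that the response is HMAC-SHA256 over the player name and the challenge. The server keeps each challenge for exactly one verification attempt, so a captured response cannot be replayed.

```python
import hashlib
import hmac
import secrets

# Constructed sample player store: name -> record. "pass" stands in for a
# player file that still holds a plain-text password; "secret" is the
# HMAC shared secret once the record has been upgraded (None until then).
PLAYERS = {
    "alice": {"pass": "hunter2", "secret": None},
}

# Server-side table of outstanding challenges: name -> nonce bytes.
PENDING = {}


def mac_input(name, nonce):
    """Message the client MACs. Binding the player name in (assumption, not
    part of the thread) stops a response for one account being reused for
    another account that happens to share the same secret."""
    return name.encode() + b"\0" + nonce


def legacy_login(name, password):
    """Old-style plain-text login.  On success, upgrade the player record to
    hold the shared secret so later logins can use challenge-response.
    Assumption: the password bytes themselves become the shared secret."""
    rec = PLAYERS.get(name)
    if rec is None:
        return False
    if not hmac.compare_digest(rec["pass"].encode(), password.encode()):
        return False
    if rec["secret"] is None:
        rec["secret"] = password.encode()
    return True


def server_challenge(name):
    """Server -> client: a fresh random challenge, or None if the account
    has not been upgraded yet and must still use plain-text login."""
    rec = PLAYERS.get(name)
    if rec is None or rec["secret"] is None:
        return None
    nonce = secrets.token_bytes(32)
    PENDING[name] = nonce  # a new challenge replaces any earlier one
    return nonce.hex()


def client_response(name, secret, challenge_hex):
    """Client -> server: HMAC-SHA256(secret, name || 0x00 || challenge)."""
    nonce = bytes.fromhex(challenge_hex)
    return hmac.new(secret, mac_input(name, nonce), hashlib.sha256).hexdigest()


def server_verify(name, response_hex):
    """Check the client's response against the outstanding challenge.
    The challenge is consumed whether or not the check passes, so a
    replayed response is rejected and a guess costs a fresh round trip."""
    nonce = PENDING.pop(name, None)
    if nonce is None:
        return False
    secret = PLAYERS[name]["secret"]
    expected = hmac.new(secret, mac_input(name, nonce), hashlib.sha256).hexdigest()
    # Constant-time comparison so timing does not leak how many leading
    # bytes of the response were right.
    return hmac.compare_digest(expected, response_hex)


if __name__ == "__main__":
    # First login still goes over the old path and upgrades the record.
    assert server_challenge("alice") is None
    assert legacy_login("alice", "hunter2")
    # From now on the password never crosses the wire.
    ch = server_challenge("alice")
    resp = client_response("alice", b"hunter2", ch)
    print("login ok:", server_verify("alice", resp))
    print("replay accepted:", server_verify("alice", resp))
```

Note that the secret sitting unencrypted in the player file means anyone who can read that file can log in as that player; as the reply says, that is the same exposure the plain-text field already has, and file permissions are the control for it. What the scheme removes is the password travelling in the clear on every login.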