From: Andre Noll <maan@systemlinux.org>
Date: Sun, 21 Jun 2009 18:55:07 +0000 (+0200)
Subject: Stronger crypto for client authentication.
X-Git-Tag: v0.4.0~76^2
X-Git-Url: http://git.tuebingen.mpg.de/?a=commitdiff_plain;h=a18295788a381a5083e42fde7d7615b328bb6509;hp=a18295788a381a5083e42fde7d7615b328bb6509;p=paraslash.git

Stronger crypto for client authentication.

This patch changes the way clients are authenticated:

- The size of the challenge has been increased from sizeof(unsigned long)
to 64. Openssl's Rand_bytes() is used to get the random buffer for the
challenge and the rc4 keys.

- The client responds with the sha1 hash of the challenge rather than
sending back the decrypted challenge in plain text.

- The rc4 keys are now 2 x 32 bytes long. They are rsa encrypted and
sent together with the challenge.

- Authentication requests for invalid users are not immediatedly denied
as this would reveal the fact that the user does not exist.

- rsa keys are required to be at least 2048 bits long.
---