git.tuebingen.mpg.de Git - paraslash.git/commit

author	Andre Noll <maan@systemlinux.org>
	Sun, 21 Jun 2009 18:55:07 +0000 (20:55 +0200)
committer	Andre Noll <maan@systemlinux.org>
	Sun, 21 Jun 2009 18:55:07 +0000 (20:55 +0200)
commit	a18295788a381a5083e42fde7d7615b328bb6509
tree	72b05c2ac13daa7fd596c84ad853cc6c5bf1910e	tree \| snapshot
parent	a9126f461792a84c760162ecb25100f1593d427d	commit \| diff

Stronger crypto for client authentication.

This patch changes the way clients are authenticated:

- The size of the challenge has been increased from sizeof(unsigned long)
to 64. Openssl's Rand_bytes() is used to get the random buffer for the
challenge and the rc4 keys.

- The client responds with the sha1 hash of the challenge rather than
sending back the decrypted challenge in plain text.

- The rc4 keys are now 2 x 32 bytes long. They are rsa encrypted and
sent together with the challenge.

- Authentication requests for invalid users are not immediatedly denied
as this would reveal the fact that the user does not exist.

- rsa keys are required to be at least 2048 bits long.

INSTALL		diff \| blob \| history
client_common.c		diff \| blob \| history
command.c		diff \| blob \| history
configure.ac		diff \| blob \| history
crypt.c		diff \| blob \| history
crypt.h		diff \| blob \| history
error.h		diff \| blob \| history
para.h		diff \| blob \| history
rc4.h		diff \| blob \| history
user_list.c		diff \| blob \| history