Stronger crypto for client authentication.

This patch changes the way clients are authenticated:

- The size of the challenge has been increased from sizeof(unsigned long)
to 64. Openssl's Rand_bytes() is used to get the random buffer for the
challenge and the rc4 keys.

- The client responds with the sha1 hash of the challenge rather than
sending back the decrypted challenge in plain text.

- The rc4 keys are now 2 x 32 bytes long. They are rsa encrypted and
sent together with the challenge.

- Authentication requests for invalid users are not immediatedly denied
as this would reveal the fact that the user does not exist.

- rsa keys are required to be at least 2048 bits long.