[Freeciv-Dev] Re: Passwd auth with MD5 hash
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
On Tue, 21 Aug 2001, Erik Sigra wrote:
> > It doesn't add anything if you can't trust the server admin, since he can
> > just modify the server to tell him the password when you enter it.
>
> Aren't passwords usually sent encrypted over networks? Then the server admin
> can not modify the server to tell him the password. I don't know how it was
> implemented in this patch, but if it is implemented at all then it should be
> this way.
Usually? No, not usually. But with ssh getting more common, cleartext
passwords over the network are getting more rarer.
Still, even with ssh I can trojan the sshd on the other end to get the
password. Sending the password encrypted does no good except against sniffing
attacks since the server has to decode the password to check it. If you want
some scheme where the server never gets to know the password, you need to use
a public key authentication scheme like RSA or Diffie-Hellman.
And I think that is WAY overboard for a game!
- [Freeciv-Dev] Re: Passwd auth with MD5 hash, Bernd Jendrissek, 2001/08/21
- [Freeciv-Dev] Re: Passwd auth with MD5 hash, Trent Piepho, 2001/08/21
- [Freeciv-Dev] Re: Passwd auth with MD5 hash, Reinier Post, 2001/08/21
- [Freeciv-Dev] Re: Passwd auth with MD5 hash, Auth Gábor, 2001/08/21
- [Freeciv-Dev] Re: Passwd auth with MD5 hash, Trent Piepho, 2001/08/21
- [Freeciv-Dev] Re: Passwd auth with MD5 hash, Erik Sigra, 2001/08/21
- [Freeciv-Dev] Re: Passwd auth with MD5 hash,
Trent Piepho <=
- [Freeciv-Dev] Re: Passwd auth with MD5 hash, Erik Sigra, 2001/08/21
- [Freeciv-Dev] Re: Passwd auth with MD5 hash, Trent Piepho, 2001/08/21
- [Freeciv-Dev] Re: Passwd auth with MD5 hash, Erik Sigra, 2001/08/21
- [Freeciv-Dev] Re: Passwd auth with MD5 hash, Paul Zastoupil, 2001/08/24
[Freeciv-Dev] Re: Passwd auth with MD5 hash, Gaute B Strokkenes, 2001/08/21
|
|
