[Freeciv-Dev] Re: MD5 password authentication and so on.
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
Hi!
From: "Vasco Alexandre Da Silva Costa" <vasc@xxxxxxxxxxxxxx>
> On Wed, 22 Aug 2001, Zverina, David wrote:
> > You are missing challenge-response mechanism.
> > Works something like this.
> > 1. Client sends a login request with user id
> > 2. Server sends a challenge string which changes every time it's used
> > (eg. a
> > timestamp)
> > 3. Client encrypts the challenge string using his password as the key.
> > It
> > sends the resultant string to the server.
> > 4. Server does the same calculation as the client using it's copy of the
> > password and compares it to the password received. If they match the
> > client
> > is authenticated.
> Yes. I like this solution better.
If a MD5 algorithm is needed I use also a completly public domain version in
my e-Mailer (for SMTP Auth). I could send this to the person who is
responsible for the patch, but I forgot who this was.
bye,
Sebastian Bauer
|
|
