[Freeciv-Dev] (PR#11971) Use encrypted passwords where possible
[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
<URL: http://bugs.freeciv.org/Ticket/Display.html?id=11971 >
Opening ticket based on part of the discussion in ticket 11851:
http://bugs.freeciv.org/Ticket/Display.html?id=11851
In terms of password management, there are (at least) two types of
security that can be applied. First, there is securing the
communication method. Second, there is the use of encryption for any
password storage. This ticket solely deals with the second issue.
The server should keep encrypted passwords in memory and in the user
database. When the client sends a password, the server first would
encrypt the plaintext and then overwrite the plaintext memory. At that
point, the server works with (retains / compares / saves) the encrypted
version.
One mechanism to use would be something based on md5, such as what's
done for crypt_md5 in freebsd:
http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libcrypt/crypt-md5.c?rev=1.13&content-type=text/x-cvsweb-markup
http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libmd/md5c.c?rev=1.16&content-type=text/x-cvsweb-markup
That second file is basically a lift from the RFC for md5 digests:
http://www.faqs.org/rfcs/rfc1321.html
I can work on the code changes here if folks would like to see it.
However, I don't know where the changes would be necessary for the
copyright and license notices.
Ed
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Freeciv-Dev] (PR#11971) Use encrypted passwords where possible,
Ed Overton <=
|
|