Complete.Org: Mailing Lists: Archives: freeciv-dev: January 2005:
[Freeciv-Dev] Re: (PR#11971) Use encrypted passwords where possible

[Freeciv-Dev] Re: (PR#11971) Use encrypted passwords where possible

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: edoverton@xxxxxxxxxx
Subject: [Freeciv-Dev] Re: (PR#11971) Use encrypted passwords where possible
From: "Mike Kaufman" <kaufman@xxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 18 Jan 2005 15:00:46 -0800
Reply-to: bugs@xxxxxxxxxxx

<URL: >

On Tue, Jan 18, 2005 at 11:46:18AM -0800, Ed Overton wrote:
> <URL: >
> Opening ticket based on part of the discussion in ticket 11851:
> In terms of password management, there are (at least) two types of
> security that can be applied.  First, there is securing the
> communication method.  Second, there is the use of encryption for any
> password storage.  This ticket solely deals with the second issue.

> The server should keep encrypted passwords in memory and in the user
> database.  When the client sends a password, the server first would
> encrypt the plaintext and then overwrite the plaintext memory.  At that
> point, the server works with (retains / compares / saves) the encrypted
> version.

Once the server is done with authentication, the server does indeed
overwrite the memory location where the password is saved.

> One mechanism to use would be something based on md5, such as what's
> done for crypt_md5 in freebsd:

for the simpleton "database" in CVS, there is no point in saving passwords
encrypted. After all, that database is simply a flat file in freeciv
registry format.

For the pubserver servers, the libuserdb.a is replaced with one that uses
mysql. Here we do md5 hash the passwords, compare the hashes, and store them 
as such.

Speaking to the first issue, I spent a bit of time looking at
possible solutions to this, namely finding some GPLed public key encryption
code I could rip off. It's actually not as easy to come by as I had
expected. I am not competent to write my own or do a substantial rewrite of
someone elses. I consider an acceptable solution to this problem as:

o code must be GPL (obvious)
o code I could put in a single subdirectory (of say utility/)
o code that is small (not more that 10k or 20k or so)
o no external libraries needed to link to (like libgmp)
o keys could be generated by an external program (like ssh-key-gen)
o simple to use (make of that as you will)

coders welcome. Such a solution would be an easy in into the codebase I
should think.


[Prev in Thread] Current Thread [Next in Thread]