[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
From: |
Michal Nazarewicz |
Subject: |
Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable |
Date: |
Sun, 01 May 2011 00:55:14 +0200 |
User-agent: |
Gnus/5.110011 (No Gnus v0.11) Emacs/24.0 (Slckware Linux) |
Juanma Barranquero <address@hidden> writes:
> On Fri, Apr 29, 2011 at 18:22, Stefan Monnier <address@hidden> wrote:
>
>> PS: emacsclient should really try not to send the key in cleartext, but
>> instead send something like "nonce,hash(nonce,key)".
>
> That's not hard to do, assuming that md5 is an acceptable hash
> (because we already include C and elisp implementation, unlike
> SHA-xx).
Depending on how paranoid are we, MD5 could feel too weak though.
(Also, one could wish for HMAC.)
> In the server side,
>
> (unless (process-get proc :authenticated)
> (if (or
> ;; New method: -auth2 nonce md5(nonce . auth-key)
> (and (string-match "-auth2 \\([!-~]+\\)
> \\([0-9a-f]\\{32\\}\\)\n?" string)
> (string= (md5 (concat (match-string 1 string)
> (process-get proc :auth-key)))
> (match-string 2 string)))
> ;; Old method: -auth auth-key
> (and (string-match "-auth \\([!-~]+\\)\n?" string)
> (string= (match-string 1 string) (process-get proc :auth-key))))
> (...set authenticated)
> (...fail))
Actually, server would have to generate the nonce. Otherwise, the
authentication scheme would be prone to replay attacks and would really
defy the purpose of nonce.
> but in the emacsclient side, if it sends -auth2 it won't be
> back-compatible with pre-24.1, and if it tries -auth, then -auth2,
> -auth2 is not really used beause -auth is always accepted. So the only
> ways I see to make this useful at all is to remove compatibility, or
> introduce some kind of version check, perhaps resurrecting the
> currently obsolete -version command:
>
> ;; -version CLIENT-VERSION: obsolete at birth.
> (`"-version" (pop args-left))
That would still break backward compatibility, wouldn't it? The old
servers would not accept this command anyway. Unless server would issue
it to client just after making connection. From what I see, the old
clients would "only" print error message.
In the worst case, the client could first try the new authenticating
scheme and on error reconnect with the old scheme.
--
Best regards, _ _
.o. | Liege of Serenly Enlightened Majesty of o' \,=./ `o
..o | Computer Science, Michal "mina86" Nazarewicz (o o)
ooo +-<mina86-mina86.com>-<jid:mina86-jabber.org>--ooO--(_)--Ooo--
pgp1sdj193qmy.pgp
Description: PGP signature
- Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable, (continued)
- Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable, Juanma Barranquero, 2011/04/29
- Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable, Michal Nazarewicz, 2011/04/29
- Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable, Michal Nazarewicz, 2011/04/29
- Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable, Eli Zaretskii, 2011/04/30
- Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable, Richard Stallman, 2011/04/30
- Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable, Michal Nazarewicz, 2011/04/30
Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable, Stefan Monnier, 2011/04/29