emacs-devel

Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable


From: Michal Nazarewicz
Subject: Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
Date: Sun, 01 May 2011 02:44:02 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/24.0 (Slckware Linux)

Juanma Barranquero <address@hidden> writes:

> 2011/5/1 Michal Nazarewicz <address@hidden>:
>
>> Depending on how paranoid we are, MD5 could feel too weak though.
>> (Also, one could wish for HMAC.)
>
> I am not feeling particularly paranoid just now, seeing as we've been
> using a cleartext authentication key for the past few years...

Yep, that was my impression. ;)

>> Actually, server would have to generate the nonce.  Otherwise, the
>> authentication scheme would be prone to replay attacks and would really
>> defy the purpose of nonce.
>
> OK, I in fact prefer to generate the nonce in elisp.
>
>> That would still break backward compatibility, wouldn't it?  The old
>> servers would not accept this command anyway.  Unless server would issue
>> it to client just after making connection.  From what I see, the old
>> clients would "only" print error message.

> Yeah, but a failed -auth closes the connection and deletes the
> process, while an unknown command just issues an error message.

My reading of server.el is that anything other than -auth is considered
a failed authentication.

How about adding additional information to the server file which would
just be ignored by old clients, but which a new client would read and use
for the new authentication?  My reading of emacsclient.c is that it ignores
anything after reading the key.

Actually, now that I look at it, it seems that the patch needs some more
work, since both server and client make some assumptions about the key
(e.g. the client reads exactly 64 bytes).  I'll take care of it on Monday.

-- 
Best regards,                                          _     _
 .o. | Liege of Serenly Enlightened Majesty of       o' \,=./ `o
 ..o | Computer Science,  Michal "mina86" Nazarewicz    (o o)
 ooo +-<mina86-mina86.com>-<jid:mina86-jabber.org>--ooO--(_)--Ooo--
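
The replay argument quoted in the message above (why the server, not the client, has to generate the nonce), as an added example that is not part of the original message and is not code from server.el or emacsclient.c. HMAC-SHA256, the class and function names and the message layout are assumptions chosen for illustration; the thread itself only mentions MD5 and a wish for HMAC.

```python
import hashlib
import hmac
import secrets


def respond(key: bytes, nonce: bytes) -> bytes:
    """Client side: prove knowledge of the key without sending the key itself."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class ClientNonceServer:
    """Weak variant: the client picks the nonce, the server only checks the MAC."""

    def __init__(self, key: bytes):
        self.key = key

    def authenticate(self, nonce: bytes, response: bytes) -> bool:
        return hmac.compare_digest(respond(self.key, nonce), response)


class ServerNonceServer:
    """Variant argued for in the thread: the server issues a fresh, single-use nonce."""

    def __init__(self, key: bytes):
        self.key = key
        self.pending = None

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)
        return self.pending

    def authenticate(self, response: bytes) -> bool:
        nonce, self.pending = self.pending, None  # consume: one attempt per nonce
        if nonce is None:
            return False
        return hmac.compare_digest(respond(self.key, nonce), response)


def replay_outcomes(key: bytes) -> dict:
    """Run one legitimate exchange per server, then present the same bytes again."""
    weak, strong = ClientNonceServer(key), ServerNonceServer(key)
    n1 = secrets.token_bytes(16)
    r1 = respond(key, n1)
    weak_first = weak.authenticate(n1, r1)
    weak_replay = weak.authenticate(n1, r1)   # recorded (n1, r1) is accepted again
    r2 = respond(key, strong.challenge())
    strong_first = strong.authenticate(r2)
    strong.challenge()                        # next connection gets a new nonce
    strong_replay = strong.authenticate(r2)   # old response no longer matches
    return {"weak_first": weak_first, "weak_replay": weak_replay,
            "strong_first": strong_first, "strong_replay": strong_replay}
```
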
