Re: [Nbd] Easier use, authentication

To: Alex Bligh <alex@...872...>
Cc: nbd-general@lists.sourceforge.net, Wouter Verhelst <w@...112...>
Subject: Re: [Nbd] Easier use, authentication
From: Folkert van Heusden <folkert.van.heusden@...17...>
Date: Mon, 26 Sep 2011 11:22:13 +0200
Message-id: <CAFDOyVDtyN9uO0i3m0cz=o4+0dzgURBavny0QXbY5CkFt-aVvw@...18...>
In-reply-to: <2235289953A877DFA05E14FA@...873...>
References: <CAEjYwfXAjOwZ-=igJ6Ojyti43STga3uRwNTfjmzG4Eu8h2xmVg@...18...> <20110925222423.GB22107@...3...> <CAFDOyVCFjV+-0YkKz7D_6efo9GinxQg2N_PZgTzCw6cf-Sx2GA@...18...> <2235289953A877DFA05E14FA@...873...>

>> Imho authentication only makes sense with encryption as well.
>
> I don't think this is true.
> Assume 2 computers, Server and Client, with both and
> the network between them under the same administrative control,
> which prevents snooping. This scenario does not really need
> encryption. It does, however, need authentication, or a non-root
> user on client could access any server resource simply by opening
> a socket.

Hmm indeed that is an issue, this regular user connecting.

Maybe we can introduce a preshared handshake or so:
server:  hi client, hash this challenge with our preshared key
concattenated to it
client: ...
and vice versa
where challenge is for example a 16 byte (byte, not bit) random.

Reply to:

References:
- [Nbd] Easier use, authentication
  - From: Christian Jaeger <chrjae@...17...>
- Re: [Nbd] Easier use, authentication
  - From: Wouter Verhelst <w@...112...>
- Re: [Nbd] Easier use, authentication
  - From: Folkert van Heusden <folkert.van.heusden@...17...>
- Re: [Nbd] Easier use, authentication
  - From: Alex Bligh <alex@...872...>

Prev by Date: Re: [Nbd] Easier use, authentication
Next by Date: Re: [Nbd] Easier use, authentication
Previous by thread: Re: [Nbd] Easier use, authentication
Next by thread: Re: [Nbd] Easier use, authentication
Index(es):
- Date
- Thread