Re: [Nbd] Easier use, authentication
- To: Alex Bligh <alex@...872...>
- Cc: nbd-general@lists.sourceforge.net, Wouter Verhelst <w@...112...>
- Subject: Re: [Nbd] Easier use, authentication
- From: Folkert van Heusden <folkert.van.heusden@...17...>
- Date: Mon, 26 Sep 2011 11:22:13 +0200
- Message-id: <CAFDOyVDtyN9uO0i3m0cz=o4+0dzgURBavny0QXbY5CkFt-aVvw@...18...>
- In-reply-to: <2235289953A877DFA05E14FA@...873...>
- References: <CAEjYwfXAjOwZ-=igJ6Ojyti43STga3uRwNTfjmzG4Eu8h2xmVg@...18...> <20110925222423.GB22107@...3...> <CAFDOyVCFjV+-0YkKz7D_6efo9GinxQg2N_PZgTzCw6cf-Sx2GA@...18...> <2235289953A877DFA05E14FA@...873...>
>> Imho authentication only makes sense with encryption as well.
>
> I don't think this is true.
> Assume 2 computers, Server and Client, with both and
> the network between them under the same administrative control,
> which prevents snooping. This scenario does not really need
> encryption. It does, however, need authentication, or a non-root
> user on client could access any server resource simply by opening
> a socket.
Hmm indeed that is an issue, this regular user connecting.
Maybe we can introduce a preshared handshake or so:
server: hi client, hash this challenge with our preshared key
concatenated to it
client: ...
and vice versa
where challenge is for example a 16 byte (byte, not bit) random.
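
The handshake sketched above, as an added example that is not part of the original message or of the nbd code base. It swaps the plain "hash of challenge plus key" for HMAC-SHA256 keyed with the preshared key; the function names and the `client`/`server` role labels are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

CHALLENGE_LEN = 16  # 16 bytes (not bits), as suggested in the message


def new_challenge() -> bytes:
    """Fresh random challenge; generated per connection, never reused."""
    return secrets.token_bytes(CHALLENGE_LEN)


def respond(psk: bytes, role: bytes, challenge: bytes) -> bytes:
    """Prove knowledge of psk for one challenge.

    role (b"client" or b"server", hypothetical labels) names the responder,
    so a response computed for one direction is not valid in the other.
    """
    if len(challenge) != CHALLENGE_LEN:
        raise ValueError("bad challenge length")
    return hmac.new(psk, role + b"\x00" + challenge, hashlib.sha256).digest()


def verify(psk: bytes, role: bytes, challenge: bytes, response: bytes) -> bool:
    """Recompute the expected response and compare in constant time."""
    return hmac.compare_digest(respond(psk, role, challenge), response)


def handshake(server_psk: bytes, client_psk: bytes) -> bool:
    """Run both directions of the exchange in-process (no sockets)."""
    # server -> client: challenge, client -> server: response
    s_chal = new_challenge()
    c_resp = respond(client_psk, b"client", s_chal)
    if not verify(server_psk, b"client", s_chal, c_resp):
        return False  # server would close the connection here
    # "and vice versa": client challenges the server
    c_chal = new_challenge()
    s_resp = respond(server_psk, b"server", c_chal)
    return verify(client_psk, b"server", c_chal, s_resp)


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample key
    print("matching keys:", handshake(key, key))
    print("wrong client key:", handshake(key, b"not the shared key"))
```

As in the scenario quoted above, this only authenticates the peer at connect time; it does not encrypt or integrity-protect the block data that follows.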