Authenticating authorised clients was Re: Helpful clients in client-server Nethack



In article news:<dnuvts$e4r$1@xxxxxxxxx>, Janis Papanagnou says...
> Andrew Kerr wrote:
> >
> > Actually, I think obfuscation could do the trick for an annual
> > tournament. For example:
> >
> > - Encrypted version of communication protocol using symmetric cypher
>
> Why not asymmetric? You'd get rid of some problems that are inherent
> to symmetric cipher protocols.
>
> > - Key different for each tourny
> >
> > - Tournament versions of server and clients are closed source to hide
> > the key
>
> So use asymmetric ciphers, then.

I don't see how an asymmetric cypher would help. The problem is ensuring
that the client is approved by the organisers. We are not trying to
secure the IP socket itself.

And having phrased the problem like that, suddenly I see a better way:
CHAP, challenge handshake authentication protocol. Client-server NH
protocol remains plaintext.

The closed source clients and server know a passphrase. On connection,
the server sends a challenge including random salt. The client combines
the salt and passphrase, feeds the result through a hash function, and
sends the hash to the server. The server checks this against its own
calculation. If accepted, the server still challenges the client with a
different salt value at random intervals.

(As asymmetric cyphers are relatively processor intensive, it is
standard practice to use one only to arrange a session key for a
symmetric cypher, with which the plaintext is encrypted. https and ssh do
this.)

> Every system that has the (symmetric) key hard coded in the code (or
> in the configuration files) and is passed to the end user needs no
> public test; it is insecure by design.

It doesn't need to be unbreakable. It needs to be as hard to cheat as it
is now, since we already know that the current level of protection is
sufficient.
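
The challenge-response scheme described in the post above, sketched in Python as an added example that is not part of the original post or of any NetHack code. The names `ChallengeServer`, `client_response` and `PASSPHRASE` are hypothetical, and using HMAC-SHA256 with a 16-byte salt is this example's assumption for "combine the salt and passphrase and hash the result".

```python
import hashlib
import hmac
import secrets

PASSPHRASE = b"constructed-tournament-passphrase"  # constructed sample value


def client_response(passphrase: bytes, salt: bytes) -> bytes:
    """Client side: combine salt and passphrase, return the hash."""
    # HMAC-SHA256 is this example's choice of "combine and hash".
    return hmac.new(passphrase, salt, hashlib.sha256).digest()


class ChallengeServer:
    """Server side: issues single-use salts and checks the client's hash."""

    def __init__(self, passphrase: bytes):
        self._passphrase = passphrase
        self._pending = None  # salt of the outstanding challenge, if any

    def challenge(self) -> bytes:
        # Fresh random salt for every challenge, including the repeat
        # challenges sent at random intervals during the session.
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, response: bytes) -> bool:
        salt, self._pending = self._pending, None  # a salt is used once
        if salt is None:
            return False  # no outstanding challenge: unsolicited or replayed
        expected = client_response(self._passphrase, salt)
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo() -> dict:
    server = ChallengeServer(PASSPHRASE)
    first = client_response(PASSPHRASE, server.challenge())
    results = {"approved_client": server.verify(first)}
    # Re-challenge mid-session: the earlier response does not match the new salt.
    server.challenge()
    results["replayed_old_response"] = server.verify(first)
    # A client built without the passphrase cannot compute the hash.
    results["unapproved_client"] = server.verify(
        client_response(b"wrong passphrase", server.challenge()))
    return results


if __name__ == "__main__":
    print(demo())
```

The passphrase never crosses the wire, and because each salt is random and accepted once, a captured response is useless against a later challenge.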