On Mon, 2 Feb 2004, Andrew Jorgensen wrote:
> Now, the real crypto guys are going to scream at me 'cause there are
> some important things that have to go into this for it to be really
> secure. Make sure your challenge is random enough and long enough to not
> be very likely repeated.
>
> I've never actually implemented this BTW.
Indeed; home-grown crypto is almost always completely and utterly broken.
(Although your overview seemed quite good).
> SSL is, of course, a better way (though not perfect either).
Right. You're not going to get much of any security without a secure channel
like SSL. SSL + digest authentication should be quite simple to set up and
will get you most of the way to where you want to go.
-J
____________________
BYU Unix Users Group
http://uug.byu.edu/