Motivation for a Basic Authentication to go with Basic Protocol

1
Motivation for a Basic Authentication to go with
Basic Protocol

• Components are processes listening on sockets
• Need a level of authentication to reject
  connection attempts from strangers
• For basic protocol, which uses only standard
  socket operations, basic authentication should
  use no extra machinery
• Need something to get started testing
  interactions among components need not be
  long-term solution
• Can be hidden in library as part of send-message

2
Proposal for Basic Authentication

• To go with basic wire protocol
• From Tanenbaums Computer Networks book
• Shared secret key challenge/response algorithm
• When A wants to connect to B
• A connects to (host,port) where B is listening
• B temporarily accepts connection
• B seeds random number generator with microsecond
  part of time-of-day
• B generates random number and challenges A with
  it
• A concatenates random number with password,
  encrypts it and sends to B as response
• B concatenates random number with password,
  encrypts it, and compares with As response
• If they dont match, B closes the socket
• Requires no machinery except Unix crypt (56 bits)
  or md5 (128 bits) (md5 is portable to Windows)