swiftone has asked for the wisdom of the Perl Monks concerning the following question:

I'm working on a simple sockets-based game. Players will need to be able to connect to the server and authenticate themselves. Since this is sockets-based, I don't have access to SSH or SSL or other neat tricks. How can I prevent basic password snooping over the line?

Re: Authenticating to a sockets program
by Anonymous Monk on Jun 20, 2000 at 23:39 UTC
    You could send the client a salt and have them crypt their password with it and send it back to you. Someone only needs to sniff 4096 authentications, however, to know the correct response for each possible salt combination. If, however, you sent the client the time, the client could crypt the password and repeatedly crypt that result with the next pair of characters from the time. This has the advantage that the key will never be repeated, provided you prevent someone from logging on twice in the same second. I'm no cryptanalyst, so there might be a better way of hashing the password with the time than repeatedly crypting it with the time's character pairs; one of the Crypt modules might offer a better solution.
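
A nonce-based variant of the challenge-response idea in the reply above, as an added example that is not part of the original thread: it swaps crypt() and the time for HMAC-SHA256 (core module Digest::SHA) over a random, single-use challenge, so a sniffed response cannot be replayed. The account data, function names and the use of /dev/urandom on a Unix-like host are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed sample account; the server side holds the shared secret.
my %secret_for = (alice => 'correct horse battery staple');
my %pending;    # username -> outstanding challenge (single use)

# Server: issue a fresh, unpredictable challenge for one login attempt.
sub new_challenge {
    my ($user) = @_;
    my $bytes;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, $bytes, 16) == 16 or die "short read from urandom";
    close $fh;
    return $pending{$user} = unpack('H*', $bytes);
}

# Client: prove knowledge of the password without sending it.
sub client_response {
    my ($user, $password, $challenge) = @_;
    return hmac_sha256_hex("$user:$challenge", $password);
}

# Compare two strings without stopping at the first differing byte.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Server: check a response, consuming the challenge so it cannot be reused.
sub verify {
    my ($user, $response) = @_;
    my $challenge = delete $pending{$user};
    return 0 unless defined $challenge && exists $secret_for{$user};
    my $expected = hmac_sha256_hex("$user:$challenge", $secret_for{$user});
    return constant_time_eq($expected, $response);
}

my $c1 = new_challenge('alice');
my $r1 = client_response('alice', 'correct horse battery staple', $c1);
print "first login:  ", (verify('alice', $r1) ? "ok" : "rejected"), "\n";
print "replay:       ", (verify('alice', $r1) ? "ok" : "rejected"), "\n";  # challenge consumed
new_challenge('alice');
print "old response: ", (verify('alice', $r1) ? "ok" : "rejected"), "\n";  # wrong for new challenge
```

The server has to keep the password (or an equivalent secret) to recompute the response, and a sniffed challenge/response pair still allows offline guessing of weak passwords. The exchange also protects only the login, not the traffic that follows it.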