comment on

You could send the client a salt and have them crypt their password with it and send it back to you. Someone only needs to sniff 4096 authentications, however, to know the correct response for each possible salt combination. If, however, you sent the client the time the client could crypt the password and repeatedly crypt that result with the next pair of characters from the time. This has the advantage that the key will never be repeated provided you prevent someone from logging on twice in the same second. I'm no cryptoanalyst so there might be a better way of hashing the password with the time than repeatedly crypting it with the time's character pairs, one of the Crypt modules might offer a better solution.

In reply to Re: Authenticating to a sockets program by Anonymous Monk
in thread Authenticating to a sockets program by swiftone

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.