--On Monday, April 15, 2002 9:52 PM +0200 Werner Reisberger <werner@pure.ch> wrote:
I suggest that a truly secure system would have authentication tokens which were only valid on a single occasion; perhaps the system should randomly change the X-Command password after each command, and email the new password to the maintainer address. (Ideally, of course, it wouldn't even do that; the maintainer would have a list of passwords which would be used in order, and have some secure means of getting more passwords.)
I think there is a less cumbersome solution: The maintainer password is encrypted together with a sequence number. On the list server the password will be decrypted together with the sequence number. If the stored sequence number is 1 smaller than the actual one the xcommand will be executed. Otherwise the maintainer will receive an email with the current sequence number. Someone intercepting the sequence number gains nothing. By this means the cipher cannot be reused.
How about making the password a key (or access to) to the encryption, and *not* transmitting it, but encrypt the xcommand instead? It would allow an attacker to redo an intercepted command, but only that one (and hopefully they don't know what it is.) Put a time stamp in and they can't even do that. Of course, that is only a couple of steps short of a full public/private key system... Daniel T. Staal ------------------------------------------------------------------------ This email copyright the author. Unless otherwise noted, you are expressly allowed to retransmit, quote, or otherwise use the contents for non-commercial purposes. This copyright will expire 5 years after the author's death, or in 30 years, whichever is longer, unless such a period is in excess of local copyright law. ------------------------------------------------------------------------