trying to implement a basic authentication mechanism
- From: Anuz <chambilkethakur@xxxxxxxxx>
- Date: Tue, 25 May 2010 06:52:14 -0700 (PDT)
I am trying to implement some form of basic authentication mechanism.
Suppose I have a server process A, to which other client process B, C,
D etc connect using some form a IPC.
I want to allow only genuine client process to connect to server
process A, if any Malicious or unknown process tries to connect, it
should deny/close the connection.
So in order to provide such mechanism. I took two numbers one as
"server_id" and other as "salt/cipher". Using "server_id" and "salt",
I create a set of keys based on "client_ids". Now on client side, I
take its "id" and using "server_id" and "salt", I create a unique
"identifier", which is encrypted using setkey() and encrypt()
function. This "encrypted string" is then sent to server process for
authentication. On server side using key , "encrypted string" is
decrypted and the value is compared against the set of keys, which
were previously generated based on client ids.
Since, the "encrypted key" is generated using three numbers i.e.
"client id", "salt" and "server_id", the malicious program cannot
connect until unless, it knows all three numbers.
However, the problem is I donno how can I possibly store these
numbers? Client ids need not to be stored, since they are based on
client numbers. However client and server both should know these keys
in order to generate(or verify against) encrypted string.
For now I have hardcoded both number in code(server and client side)
as "automatic const", but that is a very bad idea. I cannot generate
random or timebased keys, since sync between client and server is
difficult to implement.
I have very little familiarity with security mechanisms(implementation
or usage). Can anyone suggest a better way of doing this?
- Prev by Date: Extended deadline (15 July 2010): CACS Singapore [EI Compendex,ISTP,IEEE Xplore]
- Next by Date: Nike,Jordan,Gucci,Adidas,Puma,Ed hardy,Polo,BBC,Gucci,Armani,LV,Christina Audigier Tshirt and Jeans--- www.tradingspring.com
- Previous by thread: Extended deadline (15 July 2010): CACS Singapore [EI Compendex,ISTP,IEEE Xplore]
- Next by thread: Nike,Jordan,Gucci,Adidas,Puma,Ed hardy,Polo,BBC,Gucci,Armani,LV,Christina Audigier Tshirt and Jeans--- www.tradingspring.com