trying to implement a basic authentication mechanism



Hi all,
I am trying to implement some form of basic authentication mechanism.
Suppose I have a server process A, to which other client processes B, C,
D etc. connect using some form of IPC.
I want to allow only genuine client processes to connect to server
process A; if any malicious or unknown process tries to connect, it
should deny/close the connection.
So, in order to provide such a mechanism, I took two numbers, one as
"server_id" and the other as "salt/cipher". Using "server_id" and "salt",
I create a set of keys based on "client_ids". Now on the client side, I
take its "id" and, using "server_id" and "salt", I create a unique
"identifier", which is encrypted using the setkey() and encrypt()
functions. This "encrypted string" is then sent to the server process for
authentication. On the server side, using the key, the "encrypted string" is
decrypted and the value is compared against the set of keys, which
were previously generated based on client ids.
Since the "encrypted key" is generated using three numbers, i.e.
"client id", "salt" and "server_id", the malicious program cannot
connect unless it knows all three numbers.
However, the problem is I don't know how I can possibly store these
numbers. Client ids need not be stored, since they are based on
client numbers. However, client and server both should know these keys
in order to generate (or verify against) the encrypted string.
For now I have hardcoded both numbers in code (server and client side)
as "automatic const", but that is a very bad idea. I cannot generate
random or time-based keys, since sync between client and server is
difficult to implement.

I have very little familiarity with security mechanisms (implementation
or usage). Can anyone suggest a better way of doing this?

Thanks
Anuz
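
An added example, not part of the original post: the scheme described above produces the same "encrypted string" for a given client on every connection, so it is contrasted here with a server-issued random nonce, which makes each reply single-use without any clock or state sync between client and server. HMAC-SHA256 from Python's standard library stands in for setkey()/encrypt(), and the numeric values and all class and function names are constructed for illustration; both sides are still assumed to hold the same key.

```python
import hashlib, hmac, secrets

# Constructed stand-ins for the post's "server_id" and "salt".
SERVER_ID, SALT = 4242, 1337
SHARED_KEY = hashlib.sha256(f"{SERVER_ID}:{SALT}".encode()).digest()

def static_token(client_id):
    """Scheme from the post: a fixed function of client id, server_id and salt."""
    return hmac.new(SHARED_KEY, str(client_id).encode(), hashlib.sha256).digest()

class StaticServer:
    """Accepts any token found in the set precomputed from the client ids."""
    def __init__(self, client_ids):
        self.valid = {static_token(c) for c in client_ids}

    def authenticate(self, token):
        return any(hmac.compare_digest(token, v) for v in self.valid)

def respond(client_id, nonce):
    """Client side: MAC over the server's nonce, so every reply is different."""
    msg = str(client_id).encode() + b"|" + nonce
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).digest()

class ChallengeServer:
    """Sends a fresh random nonce per connection and accepts each nonce once."""
    def __init__(self, client_ids):
        self.client_ids, self.pending = set(client_ids), set()

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def authenticate(self, client_id, nonce, response):
        if client_id not in self.client_ids or nonce not in self.pending:
            return False
        self.pending.discard(nonce)  # a nonce is never valid twice
        return hmac.compare_digest(response, respond(client_id, nonce))

def replay_demo():
    """Replays one observed message on a new connection under each design."""
    captured = static_token(7)  # seen once on the IPC channel
    static_replay = StaticServer([7]).authenticate(captured)
    srv = ChallengeServer([7])
    n1 = srv.challenge()
    r1 = respond(7, n1)
    genuine = srv.authenticate(7, n1, r1)
    replayed = srv.authenticate(7, srv.challenge(), r1)  # old reply, new nonce
    return static_replay, genuine, replayed
```

`replay_demo()` returns `(True, True, False)`: the static token is accepted again on replay, while the nonce-bound reply is accepted once and rejected afterwards.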