At 9:32 AM +1000 8/9/06, Antony Mawer wrote:


What if we improved upon this - if instead of storing
the hostname and IP address, we stored a one-way hash
of this information? OpenSSH in recent versions takes
the same approach with its authorized_keys files...

A scattered list of ideas:

It might be useful to keep part of the domain-name
in plain-text.  Just a minimal part, such as '.edu'
or '.co.uk'.  So that would be one value sent/saved.

Then have an MD5 hash of `hostname` (hashing the full
hostname, including full domain), or maybe a hash of
the output from: hostname ; ifconfig | grep ether

Eg:   hostname ; ifconfig | grep ether
      freefour.acs.rpi.edu
              ether 00:09:5b:01:02:03
              ether 00:11:09:09:08:07
(this machine has two ethernet cards in it, and no,
those are not the real MAC addresses of the cards... :-)

==>   (hostname ; ifconfig | grep ether) | md5
      0670be39b40dc52d996e1a6dcee6cca7

Maybe combine that with the partial-domain, to get
      0670be39b40dc52d996e1a6dcee6cca7.edu

Further, whatever value you decide to use to create a
unique value, you could just save that value away in
some file under /var/db .  If the file does not exist,
then create it and store the probably-unique value.
That way you can pick some algorithm which should
produce a unique result, and not worry if the value
of that algorithm might change (on a single machine)
over time.  You'll only calculate it once, and then
keep using that result.

--
Garance Alistair Drosehn     =               [EMAIL PROTECTED]
Senior Systems Programmer               or   [EMAIL PROTECTED]
Rensselaer Polytechnic Institute;             Troy, NY;  USA
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to