The security protocol is good.

The main problem that still stands is - why?

As people wrote before - you have better options. But in case you choose this light-weight service, please recall that this service will
A) have high security clearances (it's a service that can do shutdown).
B) will parse input from the (untrusted) network.

Most likely you'll get some buffer overflow/malformed input vulnerability/anything in this class. You also will need to make sure that the challenges that Eskimo sends are random enough.

To conclude - use ssh's services.



--
Orr Dunkelman,
[EMAIL PROTECTED]

"If it wasn't for C, we'd be writing programs in BASI, PASAL, and OBOL", anon

Spammers: http://vipe.technion.ac.il/~orrd/spam.html
GPG fingerprint: C2D5 C6D6 9A24 9A95 C5B3  2023 6CAB 4A7C B73F D0AA
(This key will never sign Emails, only other PGP keys.)

On Fri, 16 Jun 2006, Shlomi Fish wrote:

Hi all!

The iglu.org.il server had to be rebooted several times in the past months,
because it has become unresponsive. It has some potential problems like a
lack of enough memory, etc. (we are planning a memory upgrade). Nevertheless,
this time (and as I recall others) it still answered pings and could initiate
HTTP connections.

What I would like to have there is a lightweight network service that upon
receiving a remote signal will initiate a shutdown of all services except
sshd. I'll worry about what exactly to shut down and how, but would like to
consult the collective wisdom of Linux-IL regarding how to securely transmit
the signal.

The scheme I've been thinking is this:

1. My home machine (let's call it Redwolf) initiates the connection.

2. The service (let's call it Eskimo) sends Redwolf a random string of bits.

3. Redwolf receives this string and encrypts it using a symmetrical (= private
key) key algorithm, and using a key that only he and Eskimo know. (Assume
that this key can be decided upon in advance).

4. Redwolf sends the encrypted string back to Eskimo.

5. Eskimo encrypts the string he sent Redwolf himself, compares it to the
string Redwolf sent and if they are identical initiates the shutdown process.

Is this scheme cryptologically secure? (Assuming there isn't a weakness in the
encryption algorithm). Was it proven to be so? If it does have a weakness
what is a better (and hopefully proven) scheme?

Thanks in advance and I'm sorry that I didn't use Alice and Bob here.

        Shlomi Fish

---------------------------------------------------------------------
Shlomi Fish      [EMAIL PROTECTED]
Homepage:        http://www.shlomifish.org/

95% of the programmers consider 95% of the code they did not write, in the
bottom 5%.

=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
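
The five-step exchange from the thread, sketched as an added example that is not code from either poster. It assumes HMAC-SHA256 in place of "encrypt with a symmetric key" (a keyed MAC is the usual primitive for this kind of response); the class, function and constant names are hypothetical.

```python
import hashlib
import hmac
import secrets

CHALLENGE_LEN = 32   # bytes of randomness Eskimo sends (step 2)
RESPONSE_LEN = 32    # HMAC-SHA256 output length
CONTEXT = b"eskimo-shutdown-v1"  # hypothetical label binding the MAC to this use


def respond(key: bytes, challenge: bytes) -> bytes:
    """Redwolf, steps 3-4: keyed MAC over the challenge (stands in for 'encrypt')."""
    return hmac.new(key, CONTEXT + challenge, hashlib.sha256).digest()


class Eskimo:
    """Server side of the exchange; names are assumptions for illustration."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = None  # challenge awaiting an answer, if any

    def new_challenge(self) -> bytes:
        # Step 2: draw from the OS CSPRNG, never from a clock or random.random().
        self._pending = secrets.token_bytes(CHALLENGE_LEN)
        return self._pending

    def verify(self, response: bytes) -> bool:
        # Step 5. The challenge is consumed by the first answer, right or wrong,
        # so a captured response cannot be replayed against the same challenge.
        challenge, self._pending = self._pending, None
        if challenge is None:
            return False
        # Untrusted input: accept only the exact fixed length, parse nothing else.
        if not isinstance(response, bytes) or len(response) != RESPONSE_LEN:
            return False
        expected = respond(self._key, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed key, agreed in advance
    server = Eskimo(key)
    answer = respond(key, server.new_challenge())
    print("first use:", server.verify(answer))   # accepted
    print("replay:   ", server.verify(answer))   # rejected
```

This covers only the cryptographic exchange; the network framing around it is still the untrusted-input parser the reply warns about.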

