On Sat, 2005-10-08 at 14:09 -0700, Paul Rubinhttp: wrote:
rbt [EMAIL PROTECTED] writes:
Off-topic here, but you've caused me to have a thought... Can hmac be
used on untrusted clients? Clients that may fall into the wrong hands?
How would one handle message verification when one cannot
rbt [EMAIL PROTECTED] writes:
I don't understand the question. HMAC requires that both ends share a
secret key; does that help?
That's what I don't get. If both sides have the key... how can it be
'secret'? All one would have to do is look at the code on any of the
clients and they'd
On Mon, 2005-10-10 at 05:54 -0700, Paul Rubinhttp: wrote:
rbt [EMAIL PROTECTED] writes:
I don't understand the question. HMAC requires that both ends share a
secret key; does that help?
That's what I don't get. If both sides have the key... how can it be
'secret'? All one would
rbt [EMAIL PROTECTED] writes:
Instead, for client #i, let that client's key be something like
hmac(your_big_secret, str(i)).digest()
and the client would send #i as part of the string.
How is this different from sending a pre-defined string from the client
that the server knows the md5
On Mon, 2005-10-10 at 07:46 -0700, Paul Rubinhttp: wrote:
rbt [EMAIL PROTECTED] writes:
Instead, for client #i, let that client's key be something like
hmac(your_big_secret, str(i)).digest()
and the client would send #i as part of the string.
How is this different from sending a
On Fri, 2005-10-07 at 15:07 -0700, Paul Rubinhttp: wrote:
rbt [EMAIL PROTECTED] writes:
The server just logs data, nothing else. It's not private or important
data... just sys admin type stuff (ip, mac addy, etc.). I just don't
want some script kiddie discovering it and trying to 'hack' it.
On 07/10/05, rbt [EMAIL PROTECTED] wrote:
I have written a python socketServer program and I have a few questions
This is a multithreaded non-blocking version of your server (not
tested), with a basic attempt to hande errors.
from socket import *
from SocketServer import *
import time,
rbt [EMAIL PROTECTED] writes:
Off-topic here, but you've caused me to have a thought... Can hmac be
used on untrusted clients? Clients that may fall into the wrong hands?
How would one handle message verification when one cannot trust the
client? What is there besides hmac? Thanks, rbt
I
I have written a python socketServer program and I have a few questions
that I hope the group can answer... here is a simple version of the
server:
class tr_handler(SocketServer.StreamRequestHandler):
def handle(self):
data = self.rfile.readline(300)
data =
rbt [EMAIL PROTECTED] writes:
1. Do I need to use threads to handle requests, if so, how would I
incorporate them? The clients are light and fast never sending more
than 270 bytes of data and never connecting for more than 10 seconds
at a time. There are currently 500 clients and potentially
Paul Rubin wrote:
rbt [EMAIL PROTECTED] writes:
1. Do I need to use threads to handle requests, if so, how would I
incorporate them? The clients are light and fast never sending more
than 270 bytes of data and never connecting for more than 10 seconds
at a time. There are currently 500 clients
On Fri, 2005-10-07 at 09:17 -0700, Paul Rubinhttp: wrote:
3. How do I keep people from tampering with the server? The clients
send strings of data to the server. All the strings start with x and
end with y and have z in the middle. Is requiring x at the front and
y at the back and z
rbt [EMAIL PROTECTED] writes:
The server just logs data, nothing else. It's not private or important
data... just sys admin type stuff (ip, mac addy, etc.). I just don't
want some script kiddie discovering it and trying to 'hack' it. By doing
so, they'd fill the log up with crap. So, If the
13 matches
Mail list logo