On Fri, 3 Oct 2008, Bluebie, Jenna wrote:

> Yes, I know what HMAC is as I used it to create the initial cookie session

When you wrote
> > > when the key is embedded in to open source.
I thought you weren't familiar with it. 


> store in Camping, which is now in _why's repo (yay!) but I simply don't
> understand how HMAC helps at all in this situation. Everyone who is able to
> comment (and let me be clear, that is everyone with a copy of shoes) would
> need their own secret which is shared with the shoes server. How is

Yes. We still wouldn't know *who* they were, but it would allow us to 
block spam comments from a given user|robot identified by the key.
a3c19365a455026f0cd0677479c21fc5-of-Borg left a comment, and we recognise
that hash (or we haven't blacklisted it yet), so they can post.

> authenticating everyone as an anonymous someone any different from assuming
> everyone is someone and doing no auth at all? And since when is eavesdropping

Only that once we've given them a key, we can change the lock if they are
abusive.

> an issue on the topic of ruby manual comments? What is the auth for? Is it

It's not: the comment is sent in the clear, the HMAC stops someone
abusing the system and giving the blame to an innocent party.

> just to prove to the server that this is indeed shoes talking to it? If so,
> that's a dodgy enough tactic in closed source, but this is open source!

The openness of the source isn't a problem. You still can't get the key 
if it depends on a sufficiently random process to generate it, even if
you have the source.  No, the key is to avoid accessibility issues
like CAPTCHA, while giving us some ability to lock out undesirables. But
it is relatively weak if it is generated by any shoes binary they download,
which is why I was thinking they'd have to ask for it in the first instance.
But that is registration, I suppose, so I'm back to having to throw a
double 6 to start.

> Nothing could possibly stop someone from simply copying the hmac auth script
> from the shoes manual in to their own spam bot, or more simply modifying the

HMAC is in an RFC containing C code, so anyone can build that.  But they
hopefully can't hit on your key, so they can't give you a bad name.

> manual itself to send comments some insane amount of times instead of just
> once.
> 
> Insanity I say!
> 

I'm not terribly good at this security stuff, and we don't want it too
secure because we don't want to restrict which countries you can use shoes
in.  But I'm trying to raise the barrier enough to stop the tide of 
junk before it comes in.  I'm hoping someone will say: I see what you're
trying to do, but you don't want HMAC, you want <this>.

        Hugh
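The scheme Hugh sketches above (a per-client key handed out once, each comment HMAC'd with it, and the server knowing the poster only as a hash of that key it can blacklist) written out as a small added example. This is illustrative code, not anything from Shoes, Camping or the manual server; the `CommentAuth` module, `CommentServer` class, the `page`/`body` fields and the 32-hex-character key id are all assumptions made here. It also shows the point Hugh and Jenna circle around: a forged or tampered submission is rejected, an abusive key is locked out without learning who its owner is, and if every downloaded binary shipped the same key, every poster would collapse into one key id and blocking would be all-or-nothing.

```ruby
require 'openssl'
require 'securerandom'
require 'digest'

# Constructed example: a per-client HMAC key for comment submissions.
# Nothing here is Shoes or Camping code; field names and key-id length
# are assumptions for illustration.
module CommentAuth
  KEY_ID_LEN = 32 # hex chars of SHA-256(key) used as the anonymous identity

  # Server side: a fresh random key for one client (the "registration" step).
  def self.issue_key
    SecureRandom.random_bytes(32)
  end

  # The only thing the server needs to remember or log about a poster.
  def self.key_id(key)
    Digest::SHA256.hexdigest(key)[0, KEY_ID_LEN]
  end

  # HMAC-SHA256 over the page name and comment body.
  def self.mac(key, page, body)
    OpenSSL::HMAC.hexdigest('SHA256', key, "#{page}\n#{body}")
  end

  # Client side: the submission the manual would send to the server.
  def self.sign_comment(key, page, body)
    { key_id: key_id(key), page: page, body: body, mac: mac(key, page, body) }
  end

  # Constant-time comparison so MAC checking does not leak via timing.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

class CommentServer
  attr_reader :comments

  def initialize
    @keys = {}       # key_id -> key
    @blacklist = {}  # key_id -> true once locked out
    @comments = []
  end

  # Hand a new client its key; only the key id is kept as its identity.
  def register
    key = CommentAuth.issue_key
    @keys[CommentAuth.key_id(key)] = key
    key
  end

  # "Change the lock" for an abusive poster without knowing who they are.
  def block(kid)
    @blacklist[kid] = true
  end

  # Verify a submission; returns a short status string.
  def accept(sub)
    kid = sub[:key_id]
    key = @keys[kid]
    return 'rejected: unknown key' unless key
    return 'rejected: blacklisted' if @blacklist[kid]
    expected = CommentAuth.mac(key, sub[:page], sub[:body])
    return 'rejected: bad mac' unless CommentAuth.secure_equal?(expected, sub[:mac])
    @comments << [kid, sub[:page], sub[:body]]
    'accepted'
  end
end

# Walk through the flow: register, post, tamper, block, forge.
def demo
  srv = CommentServer.new
  key = srv.register
  good = CommentAuth.sign_comment(key, 'Shoes::App', 'Nice docs.')
  results = [srv.accept(good)]
  results << srv.accept(good.merge(body: 'buy pills'))   # body changed, MAC stale
  srv.block(CommentAuth.key_id(key))
  results << srv.accept(CommentAuth.sign_comment(key, 'Shoes::App', 'again'))
  results << srv.accept(CommentAuth.sign_comment(CommentAuth.issue_key, 'x', 'y'))
  results
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The comment itself still travels in the clear, as Hugh says; the MAC only binds it to a key the server issued, so a bot that copies the HMAC code but not a valid key gets "unknown key", and a key that starts flooding is cut off by id rather than by anything that identifies a person.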
