From: Michal Nazarewicz
Newsgroups: gmane.emacs.devel
Subject: Re: [PATCH] lisp/server.el: Introduction of server-auth-key variable
Date: Sun, 01 May 2011 02:44:02 +0200
Message-ID: <87bozn5jxp.fsf@erwin.mina86.com>
References: <835b9d42b15c18e5adf7381138f347061fbc17e8.1298381336.git.mina86@mina86.com> <87fwoz5oz1.fsf@erwin.mina86.com>
To: Juanma Barranquero
Cc: Michal Nazarewicz, Stefan Monnier, emacs-devel@gnu.org

Juanma Barranquero writes:
> 2011/5/1 Michal Nazarewicz :
>
>> Depending on how paranoid are we, MD5 could feel too weak though.
>> (Also, one could wish for HMAC.)
>
> I am not feeling particularly paranoid just now, seeing as we've been
> using a cleartext authentication key for the past few years...

Yep, that was my impression. ;)

>> Actually, server would have to generate the nonce.  Otherwise, the
>> authentication scheme would be prone to replay attacks and would really
>> defy the purpose of nonce.
>
> OK, I in fact prefer to generate the nonce in elisp.
>
>> That would still break backward compatibility, wouldn't it?  The old
>> servers would not accept this command anyway.  Unless server would issue
>> it to client just after making connection.  From what I see, the old
>> clients would "only" print error message.
>
> Yeah, but a failed -auth closes the connection and deletes the
> process, while an unknown command just issues an error message.

My reading of server.el is that anything other than -auth is considered
a failed authentication.

How about adding additional information to the server file which would
just be ignored by old clients but new client would read it and use the
new authentication.  My reading of emacsclient.c is that it ignores
anything after reading the key.

Actually, now that I look at it, it seems that the patch needs some more
work since both server and client have some assumptions about the key
(e.g. client reads exactly 64 bytes).
I'll take care of it on Monday.

-- 
Best regards,                                         _     _
.o. | Liege of Serenly Enlightened Majesty of      o' \,=./ `o
..o | Computer Science,  Michal "mina86" Nazarewicz   (o o)
ooo +----ooO--(_)--Ooo--
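
The replay point quoted above (the server, not the client, has to generate the nonce), as an added example that is not part of the original message and is not code from server.el or emacsclient.c. It is a toy in-process Python model using HMAC-SHA256; the class names, the 16-byte nonce and the randomly generated 64-byte key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

KEY_BYTES = 64  # constructed; echoes the 64-byte key read mentioned in the message

def client_response(key, nonce):
    """Client side: prove knowledge of the key without sending it."""
    return hmac.new(key, nonce, hashlib.sha256).digest()

class StatelessServer:
    """Hypothetical variant: the client picks the nonce, the server tracks nothing."""
    def __init__(self, key):
        self.key = key

    def verify(self, nonce, tag):
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

class ChallengeServer:
    """Hypothetical variant: the server issues each nonce and accepts it once."""
    def __init__(self, key):
        self.key = key
        self.pending = set()  # nonces issued but not yet answered

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def verify(self, nonce, tag):
        if nonce not in self.pending:
            return False               # never issued, or already used
        self.pending.discard(nonce)    # one attempt per nonce, pass or fail
        expected = hmac.new(self.key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

def replay_outcomes():
    """Return (stateless_first, stateless_replay, challenge_first, challenge_replay)."""
    key = secrets.token_bytes(KEY_BYTES)

    stateless = StatelessServer(key)
    nonce = secrets.token_bytes(16)               # chosen by the client
    captured = (nonce, client_response(key, nonce))
    s_first, s_replay = stateless.verify(*captured), stateless.verify(*captured)

    server = ChallengeServer(key)
    nonce = server.challenge()                    # chosen by the server
    captured = (nonce, client_response(key, nonce))
    c_first, c_replay = server.verify(*captured), server.verify(*captured)
    return s_first, s_replay, c_first, c_replay
```

With a client-chosen nonce the captured pair verifies a second time; with a server-issued, single-use nonce the second submission is rejected.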