|
Posted by Volker Birk on April 15, 2006, 6:59 am
If you were Registered and logged in, you could reply and use other advanced thread options
In comp.security.misc gmu2006@gmail.com wrote:
> I'm working on a commercial product which was ported from
> win32 to GNU/Linux. While doing so we have used TCP/IP
> sockets instead of Named Pipes for IPC. By doing so
> we've lost the big advantage of having DACLs set on the
> named pipes that prevent unauthorized access to the
> services.
Yes. In a *NIX environment, the network service has to implement its
own security system.
> Now I'm trying to recreate that with the tcp sockets version.
> Because of the performance hit we can't use TLS which
> checks client+server certificates for preventing MITM.
This is a completely other topic. For preventing MITM attacks,
implementing authentication is not enough, neither with ACLs on named
pipes, nor with authentication implemented for network services using
TCP sockets.
> * is it legal to use libsrp with the embedded 1996 copy of
> getopt.[c,h] which says it is licensed
> "GNU Library General Public License" under.
Yes. LGPL means, you may link to and you may keep your own code closed
source and proprietary.
> * what other options do I have to implement secure
> authentication (secret not visible on wire) without encrypting
> the channel
Use public key cryptography for key exchange:
http://en.wikipedia.org/wiki/Public-key_cryptography
http://en.wikipedia.org/wiki/Password-authenticated_key_agreement
http://en.wikipedia.org/wiki/Encrypted_key_exchange
Or use RSA or DSA:
http://en.wikipedia.org/wiki/RSA
http://en.wikipedia.org/wiki/Digital_Signature_Algorithm
Yours,
VB.
--
At first there was the word. And the word was Content-type: text/plain
| 
XML site map