please tell me why this is stupid
Richard Gaskin
ambassador at fourthworld.com
Fri Sep 2 11:33:54 EDT 2011
I need a lightweight embeddable solution for encrypting socket traffic
between two LiveCode-based apps. This is peer-to-peer, so there is no
other software involved (no Apache or anything else), just two apps each
with an Internet connection, which may be anywhere in the world.
For the purposes of this discussion, let's assume that this encryption
needs to be super-easy for users to set up, so a standard SSL
certificate may not be ideal.
And since the communication is only between two apps I would write in
LiveCode, we don't need the interoperability advantages of using a
standard anyway, so I'm free to explore anything I like, such as the
following:
The weakest point in client-server communications is sending the
authentication data (user name and password). With FTP and Basic HTTP
authentication, for example, those are sent as clear text, exposing the
system to anyone intercepting the login traffic.
So it occurs to me that before the authentication data is sent, the
first request to the server app could be to ask for a token. This token
would be a hash (probably SHA1) of the client app's IP address, the time
in millisecs, and other arbitrary data.
This token is sent back to the client, which then uses it as the
encryption key for the authentication data, and after authentication it
continues to use the token to encrypt all other data sent during the
session.
Any attempt to send data encrypted with the token from another IP
address would be rejected by the server since it doesn't match the IP
address used to create the token.
Similarly, any attempt to use that token in another session would also
fail since the time stamp would no longer be within the time limit for
the session.
And of course once the data itself it accepted, the user name and
password would need to match the server's list of known users to do
anything further, now less likely since they were never sent as clear text.
For a reasonable level of security, this would seem at first glance to
solve the problem.
The upside to this approach is that it's dirt-simple to implement.
The downside is that it's dirt-simple to implement, so my instincts tell
me there's likely something obviously wrong with it that I'm just not
seeing at the moment.
So please help me out: why is this a stupid idea?
TIA -
--
Richard Gaskin
Fourth World
LiveCode training and consulting: http://www.fourthworld.com
Webzine for LiveCode developers: http://www.LiveCodeJournal.com
LiveCode Journal blog: http://LiveCodejournal.com/blog.irv
More information about the use-livecode
mailing list