From: David Brown <git@davidb.org>
To: Petr Baudis <pasky@suse.cz>
Cc: "H. Peter Anvin" <hpa@zytor.com>, Git Mailing List <git@vger.kernel.org>
Subject: Re: The git protocol and DoS
Date: Wed, 19 Oct 2005 17:20:41 -0700 [thread overview]
Message-ID: <20051020002040.GA30232@old.davidb.org> (raw)
In-Reply-To: <20051019222044.GP30889@pasky.or.cz>
On Thu, Oct 20, 2005 at 12:20:44AM +0200, Petr Baudis wrote:
> If (well, it sounds like a good idea, so rather "when") you do this,
> it would be a good idea to do in a way that makes it easy to later add
> support for some kind of authentication (really, not everyone wants to
> give away ssh accounts). Let's say it works like:
>
> [client] git-upload-pack <path>
> [server] challenge somethingnonsensical
> [client] challenge-response <username>:sha1(somethingnonsensical<password>)
> [server] All right, the pack goes like this...
>
> Suddenly you have support for hopefully secure authentication, and at
> the same time you have the cookie implemented in backwards-compatible
> fashion (in the sense that new client will be able to talk to old
> server) - just assume the username and password empty. This might be
> even hardcoded for now, just leave a room for its addition (in an
> elegant and compatible way) in the protocol, please.
This kind of password authentication has several problems that make it
fairly unpractical. It is prone to easy dictionary attacks for one thing.
It also for a spoofed server to do replays, and the likes. It also
requires the server to store plaintext passwords.
There are other, much better, authentication algorithms, but short of doing
signatures, none are really much more secure. The closest you'll get to
secure remote passwords is SRP <http://srp.stanford.edu/>, which is quite
good, and doesn't even require plaintext passwords to be stored. It might
just be easier at that point to use signatures, though.
Dave
next prev parent reply other threads:[~2005-10-20 0:21 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-10-19 20:00 The git protocol and DoS H. Peter Anvin
2005-10-19 20:50 ` Junio C Hamano
2005-10-19 20:55 ` H. Peter Anvin
2005-10-19 21:06 ` Junio C Hamano
2005-10-19 21:59 ` H. Peter Anvin
2005-10-19 21:31 ` Linus Torvalds
2005-10-19 21:54 ` Junio C Hamano
2005-10-19 22:01 ` H. Peter Anvin
2005-10-19 22:20 ` Petr Baudis
2005-10-19 22:39 ` Tony Luck
2005-10-20 0:20 ` David Brown [this message]
2005-10-20 8:16 ` Andreas Ericsson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20051020002040.GA30232@old.davidb.org \
--to=git@davidb.org \
--cc=git@vger.kernel.org \
--cc=hpa@zytor.com \
--cc=pasky@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).