[JDEV] Encryption
Thomas Muldowney
temas at box5.net
Wed Aug 16 15:42:00 CDT 2000
I can outline some weak points in this method if you would like, but I can't
do that till later. For now I would just ask why not use the SSL that is
already built into the server? It is essentially what you're asking for, but
as always it should be noted this only works for c2s to a single server, with
no external hookups, is generally safe.
--temas
On Wed, Aug 16, 2000 at 12:06:28PM -0700, Paul Goh wrote:
> I need to implement a simple encryption scheme on Jabber to ensure a secure
> communication channel, and I thought up a very simple scheme. I will try my
> best to explain it, please comment on the loopholes or disadvantages.
>
> Scenario:
> 1. Client requests to connect to server.
>
> 2. Jabber server generates a key pair (Ksp - server public key and Ksr -
> server private key) and sends the public key Ksp to client.
>
> 3. Client generates a key pair (Kcp - client public key and Kcr - client
> private key), encrypts the message (which contains the client's public key
> Kcp) with the server's public key Ksp (EKsp(Msg)), and sends the ciphertext
> back to the server. By this step, a secure channel is established, with the
> client and server holding each other's public key.
>
> 4. Since different key pairs are generated by the client and the server for
> each single session, security level is pretty high.
>
> 5. The client can then be authenticated with user name and password, which
> is sent through secure key encrypted channels.
>
> Please comment.
>
> Paul
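An added example, not part of either message: steps 2 and 3 of the quoted scheme simulated with textbook RSA over small constructed primes, showing that the client uses whatever key arrives in step 2 unless it has something to compare it against. The function names, the sample keys and the pinned-fingerprint check are assumptions made for the illustration; server authentication of this kind is what the server's built-in SSL supplies through its certificate.

```python
import hashlib

# Textbook RSA over small constructed primes: illustration only, not secure.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # (public, private)

def rsa_apply(key, value):
    n, exponent = key
    return pow(value, exponent, n)

def fingerprint(public_key):
    return hashlib.sha256(repr(public_key).encode()).hexdigest()

def client_step3(received_ksp, kcp, pinned=None):
    """Step 3: return EKsp(Kcp modulus) under the key received in step 2.
    pinned=None is the scheme as posted: whatever key arrived is used.
    pinned=<fingerprint> is an added assumption: the client learned the
    server key's fingerprint out of band and checks it first."""
    if pinned is not None and fingerprint(received_ksp) != pinned:
        raise ValueError("received key does not match pinned fingerprint")
    return rsa_apply(received_ksp, kcp[0])

# Constructed sample keys.
KSP, KSR = make_keypair(1000003, 1000033)               # server pair
KCP, KCR = make_keypair(10007, 10009)                   # client pair
OTHER_PUB, OTHER_PRIV = make_keypair(1000037, 1000039)  # not the server's

def demo():
    results = {}
    # Key delivered intact: the server recovers Kcp with Ksr.
    ct = client_step3(KSP, KCP)
    results["server_recovers_kcp"] = rsa_apply(KSR, ct) == KCP[0]
    # A different key arrives in step 2: the unpinned client cannot tell,
    # and the holder of that key's private half recovers Kcp instead.
    ct = client_step3(OTHER_PUB, KCP)
    results["other_holder_recovers_kcp"] = rsa_apply(OTHER_PRIV, ct) == KCP[0]
    # With a pinned fingerprint the client refuses before encrypting.
    try:
        client_step3(OTHER_PUB, KCP, pinned=fingerprint(KSP))
        results["pin_rejects_other_key"] = False
    except ValueError:
        results["pin_rejects_other_key"] = True
    return results

if __name__ == "__main__":
    print(demo())
```

Per-session key pairs (step 4) change which keys are used each time, but not whether the client can tell whose key it received.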