quasi random (kaolinfire) wrote,

one time passwords

:does a dance of joy:

I understand! I understand! It all came clear to me in a flash, a splash, a gentle pitter patter of "OH DAMN, YEAH!"

See, I wanted to write a chat server/client, and... I didn't want to transmit plain text passwords. Right?

Right. (???)

okay. client connects to server, server challenges client with a unique phrase... client one-way-encrypts password with said phrase... server one-way-encrypts the local password with said phrase. and bam. :)

the one problem then is the server doesn't really have the password either. though that's not entirely a problem I guess. Everything's salted already... so the client just has to know how to salt, and then sends the salt encrypted by an OTP.

what encryption to use... salt again? might as well since it's already there... except salt only operates on two letters. so that wouldn't make a huge set of OTPs. maybe salt a salt a salt a salt a salt. I guess I need to do more reading to see if salting twice is any more secure than salting once. Or find some other way to do it.
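
The challenge-response exchange described above, including the case where the server holds only a salted hash of the password, sketched in Python as an added example that is not part of the original post. It swaps in PBKDF2 and HMAC-SHA256 from the standard library for the crypt-style salting the post mentions; the class and function names and the round count are assumptions.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


def derive_verifier(password: str, salt: bytes) -> bytes:
    """Salted one-way hash of the password; the only secret the server stores."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def respond(verifier: bytes, challenge: bytes) -> bytes:
    """One-time response: keyed hash of the server's challenge."""
    return hmac.new(verifier, challenge, hashlib.sha256).digest()


class Server:
    def __init__(self):
        self.users = {}    # name -> (salt, verifier); no plaintext password kept
        self.pending = {}  # name -> challenge that has not been answered yet

    def register(self, name, password):
        salt = secrets.token_bytes(16)
        self.users[name] = (salt, derive_verifier(password, salt))

    def challenge(self, name):
        """Hand the client its salt plus a fresh random phrase."""
        nonce = secrets.token_bytes(32)
        self.pending[name] = nonce
        return self.users[name][0], nonce

    def verify(self, name, response):
        # pop() makes every challenge single-use, so a sniffed response
        # is useless against any later login attempt.
        nonce = self.pending.pop(name, None)
        if nonce is None:
            return False
        expected = respond(self.users[name][1], nonce)
        return hmac.compare_digest(expected, response)  # constant-time compare


def client_login(server, name, password):
    """Client side: redo the salting locally, then answer the challenge."""
    salt, nonce = server.challenge(name)
    return server.verify(name, respond(derive_verifier(password, salt), nonce))

# Caveat: the stored verifier is password-equivalent in this scheme. Anyone
# who copies the server's table can answer challenges without the password.
```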