[Verse-dev] R5 Issues
Emil Brink
emil at obsession.se
Fri Feb 18 14:32:18 CET 2005
On Fri, 18 Feb 2005 09:47:46 +0100
Emil Brink <emil at obsession.se> wrote:
> On Fri, 18 Feb 2005 09:07:44 +0100
> Emil Brink <emil at obsession.se> wrote:
>
> > Hi.
> >
> > As Brecht wrote, things seem rather... B0rken.
> [...]
> > I'll dig around a bit.
>
> Okay, I've dug, and so far the thing seems to be that the client somehow
> loses its RSA key. It generates one, but then when trying to encrypt the
> login packet, it uses a key of all zeroes. This sends the name+password
> in plaintext, which the server then dutifully decrypts, this scrambling
> the bits.
There were all kinds of mishaps in the key handling, but I think I've
cleared them up now.
It would be *very* advisable for Eskil to read the patch of v_connect.c,
since I *changed the key used* for some operations where the code as
written simply didn't make any sense to me.
Diff: <http://projects.blender.org/viewcvs/viewcvs.cgi/verse/v_connect.c.diff?r1=1.3.2.8&r2=1.3.2.9&cvsroot=verse&only_with_tag=release-r5-branch>.
I don't think I broke something, but then my understanding of how it's
supposed to work are very sketchy.
I can connect to a server just fine now, and I'm fairly sure that name
and password are not sent in the clear at least.
Regards,
/Emil
More information about the Verse-dev
mailing list