Re: Emergency shutdown feature

Olaf Titz (olaf@bigred.inka.de)
Sat, 20 Dec 1997 21:04:37 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Raja R Harinath: "Re: Making module versions (Was: OFFTOPIC: binary modules, bad idea!)"
Previous message: Bill Hawes: "Re: 3c9xx Support."
Maybe in reply to: Olaf Titz: "Emergency shutdown feature"

> and the above is user-space. Why not use a ssh 'like'
> approach ? The packet -must- have come from a known host(s)
> and -must- come from a trusted 'user' . the ssh package
> already has this functionality, it would be nice to see
> this used and not rebuild the wheel . Tia

The authentication used by the ssh package is much too heavyweight
(public key calculations require a lot of CPU as well as rather much
code for the multi-precision math) and not needed here. A simple keyed
MD5 authentication is enough. I.e. take a string X as key and a
non-constant string Z as message, and put (Z, MD5(X+Z)) in the
datagram. Simple, fast, requires exactly one datagram and doesn't fall
under US export restrictions (no encryption is done). Use a timer for
Z to protect against replay.

There's not much of a wheel to re-invent here. (And we don't need
tractor wheels for a bicycle. :-)

olaf

Next message: Raja R Harinath: "Re: Making module versions (Was: OFFTOPIC: binary modules, bad idea!)"
Previous message: Bill Hawes: "Re: 3c9xx Support."
Maybe in reply to: Olaf Titz: "Emergency shutdown feature"