[ On Tuesday, December 12, 2000 at 14:18:24 (-0500), Andrew Brown wrote: ]
> Subject: Re: identd...
>
> there's absolutely *no* need for crypto to make identd "secure".  a
> simple identd could to the following:

I didn't say "secure".  I said that an identd with crypto would "no
longer be pointless or dangerous."

Maybe strong crypto (depending on how you define it) is not necessary to
do this from a strict technical point of view, but in the real world
using an encrypted reply makes a great deal more sense all around.

Perhaps you should read the file "why-encrypt.txt" that comes with the
Pidentd distribution.  It gives a much more detailed outline of why
encryption is necessary to make identd useful.

Obviously identd could always have supported sending encrypted replies
all along by restricting itself to using an exportable strength
algorithm, but it didn't, so now I've re-integrated the support again,
but this time with at least 64-bit DES (if not even something better).

> i suppose if you want something that leaks less, you could do
> something with a hash, the time stuff, the actual user, and send that
> back.

While a secure one-way hash of the unique contents of your local log
entry is also theoretically all that's necessary, it's more sensible to
send the entire log entry in strongly encrypted form since your local
logs might have expired (or even been maliciously destroyed) by the time
the law comes knocking on your door....  Not to mention but that
searching for the exact entry again, even with a decently narrow time
window, is a lot more trouble than it's worth if you've got to re-hash
the entries to match the reply.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>