md5 hashing

Andrew Gray agray at netconnect.com.au
Fri Feb 1 00:54:27 CST 2002


Scott, Brendan, Thanks for taking the time to explain that, I think I have my
head around it now :)

Andrew.

----- Original Message -----
From: "Scott Penrose" <scottp at dd.com.au>
To: "Andrew Gray" <sysadmin at netconnect.com.au>
Cc: <melbourne-pm at pm.org>
Sent: Thursday, January 31, 2002 4:29 PM
Subject: Re: md5 hashing


> On Thursday, January 31, 2002, at 06:09 , Andrew Gray wrote:
>
> > What I want to do, is remotely control some of the functions on a
> > server. To this end, I can do it using sockets and loading a client
> > program and that all works OK, but I think to be secure I need to
> > encrypt the message I am passing between the servers (call me paranoid,
> > but I don't really trust Telstra's network that much ....)
> >
> > From how I understand it, MD5 encryption lets you hash a message with a
> > given key, and then using the same key, unencrypt the message at the
> > other end. Is this right? or is it a one way encryption like crypt()?
> >
> > Having read the synopsis from www.cpan.org I can see how to hash the
> > message given a key string, but nowhere can I see how to unencrypt at
> > the other end of the transmission.
> >
> > OR are there any other two way encryption modules around that I could
> > use simply.
>
> Personally I prefer to do it using SSL, that way the encoding is
> standard and well understood.
>
> However that can be a lot of work, so in some cases what I have done is
> to use SSH port forwarding.
>
> So what you do is on your client side (where your perl script runs)
> connect (sockets) to localhost, some port number you choose.
> SSH meanwhile has been set up (using RSA keys etc) by the system admin -
> separately controlled from your perl code.
> On connecting to localhost:someport it forwards it to
> remotehost:localport.
>
> You also need to make sure that your server is set up with the daemon
> (the server script) so that it only accepts connections from localhost
> (bind to localhost only) - and I also recommend restricting that port
> even more with iptables.
>
> Why this approach?
>
> 1. My perl code does not have to know anything about security or
> encrypting.
> 2. I can test the code without any encryption.
> 3. I am not going to make a crypto mistake - SSH is well proven
> technology and checked for security holes all the time.
> 4. When updates to how security is done are made you don't have to
> update your then legacy perl code.
>
> One point though - this does not protect your server or client machine
> from prying eyes. However having encryption end to end does not really
> solve that either because you are going to have the streams unencrypted
> in memory anyway.
> Scott
> ---
> Scott Penrose
> Open source and Linux Developer
> http://linux.dd.com.au/
> scottp at dd.com.au
>
>
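The setup Scott describes, sketched as an added example (not code from the thread or from either poster): a daemon bound to loopback only, and a client that speaks plain sockets to a local port that SSH forwards. The ports 9000/9001, `user@remotehost` and the PING/PONG exchange are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not from the original thread. Ports, host name and the
# PING/PONG protocol are assumptions made for illustration.
#
# Tunnel, set up outside this script by the administrator on the client host:
#   ssh -N -L 9000:127.0.0.1:9001 user@remotehost
# The client talks to 127.0.0.1:9000; sshd on remotehost hands the
# connection to the daemon listening on 127.0.0.1:9001.
use strict;
use warnings;
use IO::Socket::INET;

my ($mode, $port) = @ARGV;
die "usage: $0 server|client PORT\n"
    unless defined $mode && defined $port && $port =~ /^\d+$/;

if ($mode eq 'server') {
    # Bind to loopback only: the daemon is not reachable from the network,
    # so the only remote path in is a connection forwarded by sshd.
    my $listen = IO::Socket::INET->new(
        LocalAddr => '127.0.0.1',
        LocalPort => $port,
        Proto     => 'tcp',
        Listen    => 5,
        ReuseAddr => 1,
    ) or die "listen on 127.0.0.1:$port failed: $!\n";

    while (my $conn = $listen->accept) {
        # Defence in depth: drop anything that did not come from loopback.
        if ($conn->peerhost ne '127.0.0.1') { close $conn; next; }
        my $line = <$conn>;
        $conn->print(defined $line && $line =~ /^PING\r?\n/ ? "PONG\n" : "ERR\n");
        close $conn;
    }
}
elsif ($mode eq 'client') {
    # Plain socket code with no crypto in it: SSH encrypts the hop between hosts.
    my $sock = IO::Socket::INET->new(
        PeerAddr => '127.0.0.1',
        PeerPort => $port,
        Proto    => 'tcp',
    ) or die "connect to 127.0.0.1:$port failed (is the tunnel up?): $!\n";
    $sock->print("PING\n");
    my $reply = <$sock>;
    print defined $reply ? "server replied: $reply" : "no reply\n";
    close $sock;
}
else { die "unknown mode '$mode'\n" }
```

Running `server 9001` and `client 9001` on one machine exercises the code with no tunnel at all; with the tunnel up, the client is started with port 9000 instead.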



