From mboxrd@z Thu Jan 1 00:00:00 1970 From: Nick Jamieson To: 9fans@cse.psu.edu Subject: Re: [9fans] cryptographic signatures & factotum User-Agent: KMail/1.6 References: <76cc93f6db46e7ad7bd84bceb250ba14@collyer.net> <004b01c40813$bb9261b0$df756f51@ntlworld.com> In-Reply-To: <004b01c40813$bb9261b0$df756f51@ntlworld.com> MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200403141640.00154.ncj@mcs.vuw.ac.nz> Date: Sun, 14 Mar 2004 16:39:59 +1300 Topicbox-Message-UUID: 2d7ef9e8-eacd-11e9-9e20-41e7f4b1d025 > My idea was to send just a plaintext email that contains two attachements. > One being an rc script and the other an authenticating > signature for that command. I think this is secure enough as the > signature (hash) would need a shared secret to be validated. Hi. You should also include a time stamp to prevent replay attacks. Suppose you send [command, time, SHA1(command, secret, time)] to your work computer. Then your work computer can check that the digest is valid and that the time stamp is recent and not the same as a previously given time stamp. The work computer needs to remember each time stamp given for as long as it may be regarded as 'recent'. Nick