Received: with ECARTIS (v1.0.0; list gopher);
 Mon, 21 Oct 2002 19:37:10 -0500 (EST)
Return-Path: <hardburn@runbox.com>
Delivered-To: gopher@complete.org
Received: from aibo.runbox.com (aibo.runbox.com [193.71.199.94])
	(using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
	(Client did not present a certificate)
	by gesundheit.complete.org (Postfix) with ESMTP id C632161BB7
	for <gopher@complete.org>; Mon, 21 Oct 2002 19:37:09 -0500 (EST)
Received: from [10.9.9.1] (helo=pluto.runbox.com)
	by tramp.runbox.com with esmtp (Exim 4.05-VA-mm1)
	id 183n2c-0004H1-00
	for gopher@complete.org; Tue, 22 Oct 2002 02:37:02 +0200
Received: from [204.71.148.90] (helo=enterprise)
	(Authenticated Sender=hardburn)
	by pluto.runbox.com with asmtp (Exim 3.35 #1)
	id 183n2J-0004Lq-00
	for gopher@complete.org; Tue, 22 Oct 2002 02:36:44 +0200
Content-type: text/plain; charset=us-ascii
From: Timm Murray <hardburn@runbox.com>
To: gopher@complete.org
Subject: [gopher] Gopher+ Authentication (update)
Date: Mon, 21 Oct 2002 18:50:32 -0500
X-Mailer: KMail [version 1.4]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <200210211850.36605.hardburn@runbox.com>
X-archive-position: 708
X-ecartis-version: Ecartis v1.0.0
Sender: gopher-bounce@complete.org
Errors-to: gopher-bounce@complete.org
X-original-sender: hardburn@runbox.com
Precedence: bulk
Reply-to: gopher@complete.org
List-help: <mailto:ecartis@complete.org?Subject=help>
List-unsubscribe: <mailto:gopher-request@complete.org?Subject=unsubscribe>
List-software: Ecartis version 1.0.0
List-ID: Gopher <gopher.complete.org>
X-List-ID: Gopher <gopher.complete.org>
List-subscribe: <mailto:gopher-request@complete.org?Subject=subscribe>
List-owner: <mailto:jgoerzen@complete.org>
List-post: <mailto:gopher@complete.org>
List-archive: <http://www.complete.org/mailinglists/archives/>
X-list: gopher


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A small update to the Gopher+ Authentication proposal.  

- From the Gopher+ standard:

"The folks with a hirsute tendency will have noticed 
that all  these interactions  are static rather than 
truly dynamic and  interactive.  In other words, the  
server cannot ask different questions in response to 
different answers.   +ASK does not constitute a  
scripting language by any  means."

The last proposal would have worked dynamically--which is explicitly forbidden 
by the above.  Instead of making an incompatible change to the current 
protocol that would have gone against the orginal intent, I decided to make a 
slight modification to the proposal to use something that is similar, but not 
quite like +ASK.

Additionally, a new Gopher+ entry in the menu system has been defined to note 
which entries require authentication.


Gopher+ SRP Authentication

By Timm Murray

This document provides a secure means of authentication using 
the Secure Remote Password (SRP) scheme.  This scheme is documented 
in RFC 2945.  Implementors should be familer with that RFC.

In breaking with Gopher tradition, this document uses '\t' to denote a 
tab, '\r' to denote a cariage return, and '\n' to denote a newline.  
'C:' is a line of text sent by the client, and 'S: is a line sent by the 
server.  Calculations by one side or the other are contained in '[' ']' 
brackets, with a note specifiying who is doing the calculations.  Any 
numbers sent MUST be Base16 encoded [0-9A-Fa-f].

'|' indicates string cancatanation.  '^' is exponentation.  '%' is integer 
remainder. '==' checks for equivilence, while '!=' checks for unequivilence.  
SHA1() does an SHA-1 hash on the data.  SHA1_Interleave() is a special 
function that doubles the normal length of the SHA-1 hash, and is described 
in RFC 2945.

The means of storing username/password/salt values is also described in 
RFC 2945.  In short:

u = stored username
v = stored password verifier
s = salt value

At the beginning of the connection, the server sends a "HashType" field.  
This is a string specifying the type of cryptgraphic hash to use.  Where 
the protocol specifies "SHA1()" in calculations, the client and server MUST 
replace it with the proper hash type.  "SHA1_Interleave()" is also modified 
accordingly.  At a bare minimum, the clients and servers MUST implement the 
following:

Name        Referance
- ----        ---------
SHA-1       RFC 3174
MD5         RFC 1321

Authentication works as follows:

C: <selector string>\r\n
S: +AUTH \r\n
[Server:
	selects values for g and N
]
S: g \t N \t HashType \r\n
[Client: 
	if unrecoginized HashType, then send "Unknown Hash" and cut connection
	a = random()
	A = g^a % N
]
C: U \t A \r\n
[Server:
	if A % N == 0, then cut the connection.
	v = <stored password verifier>
	b = random()
	B = (u + g^b) % N
	s = salt stored for username
]
S: s \t B \r\n
[Client:
	if B % N == 0, then cut the connection. 
	p = <raw password>
	x = SHA(s | SHA(U | ':' | p))
	S = (B - g^x)^(a + u * x) % N
	K = SHA1_Interleave(S)
	M = SHA1(SHA1(N) XOR SHA1(g) | SHA1(U) | S | A | B | K)
]
[Server: 
	S = (A * v^u)^b % N
	K = SHA1_Interleave(S)
]
C: M \r\n
[Server: 
	J = SHA1(SHA1(N) XOR SHA1(g) | SHA1(U) | S | A | B | K)
	if J != M, then cut the connection.
	L = SHA1(A | M | K)
]
[Client: 
	I = SHA1(A | M | K)
]
S: OK \t L \r\n
[Client: 
	if L != I, then cut the connection
]
C: OK

The server now proceeds with normal operation on the selector 
string.


MENU ENTITIES

Menu entities pointing to items requiring authentication use a '*' character 
after the last tab.  For instance:

0This file requires authentication \t /testauth \t host \t port \t * \r\n

This signals the client to be prepared for an authentication exchange.  After 
the 
'*', another Gopher+ type may be placed.  For instance, an +ASK value can be 
specified like this: 

0Authenticate \t /auth \t host \t port \t *? \r\n
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj20kssACgkQqpueKcacfLThPgCfdC3nRElo0rekOyn3T6hoiX+J
V0kAoK6Kp8WSC6w5wEqhiI63T+Nb6GS7
=vS1X
-----END PGP SIGNATURE-----