Shawn O. Pearce schrieb:
> I'm currently finishing a side-band-64k protocol extension to the
> send-pack/receive-pack pair. My next task after I flush those
> RFC patches out to the list tonight will be to prototype at least
> some of the auth1 extension I described.
I propose to make the syntax of the extension
server capability: auth=<list of hash methods>:<challenge>
client response: auth=<chosen hash method>
where <challenge> is a random sequence of non-blank ASCII text, not
necessarily of a fixed length, but perhaps of a minimum length.
Then we can extend the list of hash algorithms (that are used for
authentication purposes) if people think that SHA1 is not secure enough:
auth=SHA1,SHA256:random-stuff-goes-here
I'm not a security expert, so take this with a grain of salt.
-- Hannes
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
