James -- ...and then James Taylor said... % % I have a program I wrote, client and server, that communicate through ... % use it unless I implement some sort of encryption using SSL or SSH % tunneling. I don't really want to do this, so i was thinking of putting % in some sort of challenge handshake, using MD5 hashes based on
Rather than rolling your own and doing some hash handshaking, why not just wrap your socket calls in something like Net::SSH and let the module negotiate the ssl for you? I have to think that there's a module out there that handles exactly this sort of thing... If you're actually looking for some security, then you should almost certainly go with properly robust code. Not only does plain comm have the problem of possible forgery but it also leaks what you're sending to anyone who is watching, too; ssl can take care of both of those problems. HTH & HAND :-D -- David T-G * It's easier to fight for one's principles (play) [EMAIL PROTECTED] * than to live up to them. -- fortune cookie (work) [EMAIL PROTECTED] http://www.justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
msg25519/pgp00000.pgp
Description: PGP signature
