Re: OpenSRS crypto lib compatibility

From: Charles Daminato (chuck@opensrs.org)
Date: Thu Mar 23 2000 - 00:25:13 EST


We'd have to have two servers running, one with the lib for 1.20, one with
a lib for 1.23 (current version). Since only one server can open the
listen port (50000) at a time this won't work.

We *could* write the server so that each process that forks uses different
libraries, -but- it would be much easier once we have more time on our
plate (after releasing promised features, etc) if we just updated the
server to use different crypt modules (Blowfish, Idea, etc) and phase out
the necessity for DES and CBC.

This will, unfortunately, have to wait. The current (and working)
solution is to maintain the older CBC version (and big endian problems
with DES) until the developers have time to rework the server code :)

Joe wrote:
>
> On Wed, 22 Mar 2000, Charles Daminato wrote:
>
> > When the code was originally developed, Crypt::CBC was the best thing
> > available. When Lincoln Stein moved more towards OpenSSL standards, the
> > versions weren't backwards compatible.
> >
> > Using the client with 1.22 or higher didn't work
> > Upgrading the server to 1.22 broke everyone (over 700 at the time) that
> > was using 1.20.
>
> Correct me if I'm wrong, but couldn't you simply base the server's lib usage
> upon the Client ID? If not, why bother requiring the Client version
> number in the client hello string?
>
> (server pseudo code)
>
> if (opensrs_client_version > 3.0)
>     use Crypt::CBC-1.22;
> else
>     use Crypt::CBC-1.20;
>
> Install both modules on the server and all your clients should be able to
> connect with either version, provided that those who use the newer
> Crypt::CBC update their client version number.
>
> I'd love to write up a PHP program and associated classes to replace the
> Perl implementation but I'm fairly sure libmcrypt uses the same methodology
> as 1.22.
>
> --
> Joe Technical Support
> General Support: support@blarg.net Blarg! Online Services, Inc.
> Voice: 425/401-9821 or 888/66-BLARG http://www.blarg.net

-- 

Charles Daminato OpenSRS Technical Operations chuck@opensrs.org


