I currently have a working implementation of AES that I
am going to use in NNIS. I can going to plug it
directly into the socket code to make it as seemless as
possible, passing the key as an argument. The
encryption does multiple things, expecially when
combined with the MD5 sum already implemented.
1. Stops reading of sensitive data (the obvious)
2. Stops "slipstreaming" of data into transfers from a
3rd party.
a. The MD5 wouldn't match
b. Since the MD5 is taken before the encryption, it
ensures that the decryption process was successfull.
3. Ensures that client and server can trust eachother,
if their passwords don't match, then connection is
dropped automatically.
**TODO**
1. Use the encryption and develop a one-time session
key, this would prevent replay attacks.
Log in to post a comment.
