UDP API DEV: Difference between revisions

UDP API DEV (view source)

Revision as of 03:59, 30 January 2006

153 bytes added , 30 January 2006

m

reduce replay possibilities

Exp

Bureaucrats, Administrators

340

edits

@@ Line 86: / Line 86: @@
 == Misc Commands ==
 === ENCRYPT ===
-Will cause all future messages from the server, except the first (the reply to the ENCRYPT command itself), to be encrypted (128 bit AES). The client will also have to encrypt all future requests sent to the server. All non-encrypted messages will be discarded by the server. The encryption key is the MD5 hash of a special (new/to be added) password defined in the users profile. A normal AUTH message is still necessary to authenticate and should follow the ENCRYPT command once the API has acknowledged the encryption.
+Will cause all future messages from the server, except the first (the reply to the ENCRYPT command itself), to be encrypted (128 bit AES). The client will also have to encrypt all future requests sent to the server. All non-encrypted messages will be discarded by the server. The encryption key is the MD5 hash of a special (new/to be added) password defined in the users profile concatenated with the salt string as given in the reply to the ENCRYPT message. A normal AUTH message is still necessary to authenticate and should follow the ENCRYPT command once the API has acknowledged the encryption.
 '''Command String:'''
@@ Line 92: / Line 92: @@
 '''Possible Replies:'''
-* XXX ENCRYPTION ENABLED
+* XXX {str salt} ENCRYPTION ENABLED
 * XXX NO SUCH USER
 * XXX ENCRYPTION PASSWORD NOT DEFINED
@@ Line 104: / Line 104: @@
 * a logout (the logout message needs to be correctly encrypted) or timeout will disable the encryption
 * in order to minimize server load, encryption should be disabled by default and should have to be enabled manually by the user in the configuration options.
+* the encryption key is md5(special_api_password_of_user+salt)
 [[Category:Development]]