You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I propose the IP Networking Control Packets specification be extended with two additional types to provide optional password authentication. This will allow operators of servers to choose whether they wish to have additional security without changes to existing services.
ACKA
Bytes
0-3 Magic - ASCII "ACKA"
4-7 4 byte salt
Server may, upon receipt of a valid CONN command, respond with this type packet indicating that the callsign presented was valid but this connection requires authentication.
The salt must be different for each authentication attempt and should be acquired from a source with sufficient entropy.
Client must, upon reciept of an ACKA packet in response to a CONN command, respond with this type packet.
The digest shall be the SHA256 hash of the salt and the user's password.
Server must respond with an ACKN packet if the authentication is successful or NACK if it is not.
Server should also terminate the connection if the authentication is unsuccessful.
Example successful exchange with a salt of 0x31323334 and a base40 encoded callsign N8VNR:
I propose the IP Networking Control Packets specification be extended with two additional types to provide optional password authentication. This will allow operators of servers to choose whether they wish to have additional security without changes to existing services.
ACKA
Server may, upon receipt of a valid CONN command, respond with this type packet indicating that the callsign presented was valid but this connection requires authentication.
The salt must be different for each authentication attempt and should be acquired from a source with sufficient entropy.
AUTH
Client must, upon reciept of an ACKA packet in response to a CONN command, respond with this type packet.
The digest shall be the SHA256 hash of the salt and the user's password.
Server must respond with an ACKN packet if the authentication is successful or NACK if it is not.
Server should also terminate the connection if the authentication is unsuccessful.
Example successful exchange with a salt of 0x31323334 and a base40 encoded callsign N8VNR:
Points for discussion:
The text was updated successfully, but these errors were encountered: