[TIPS] Variables can be nested!
|
2014-03-20, 12:10
(This post was last modified: 2014-03-20 12:48 by sebastian.)
Post: #3
|
|||
|
|||
RE: [TIPS] Variables can be nested!
I checked it out.
The only security I want, is the ability to protect a value against tampering across the network. It would actually be enough with some like: set encryption ${securedata}mysecretpassword set finalresult ${encryption:md5hex} chain h**p://192.168.1.2/boot.cgi?${securedata}-${finalresult} verifying the value on server would be simple as: $value = $ENV{'QUERY_STRING'}; ($secure, $md5) = split("-", $value); if ($md5 eq md5_hex($secure."mysecretpassword")) { #Do something trusted with $secure } else { print "Content-Type: text/plain\n\nInvalid data"; } but theres no way in iPXE currently to hash a value stored in a variable. I looked at all these certificate stuff and found out that embedding both a client certificate (to prevent "unauthorized" clients from submitting data) and a server certificate, makes the binary too fat to be embedded in the mobo ROM. Since the real clients and the server is fully trusted and know each other (its under the same roof), it would be sufficent with a simple shared-secret system. The security case is this: While the computers are booting, the computers are fully trusted. Both the server and the clients trust each other, so theres no need for PKI at all, a simple shared secret is enough. When the computer has fully booted, its no longer trusted. The user on one of the trusted clients could for example Wireshark the traffic, and then use a own computer on the network to attempt to gain access to Resources that only trusted clients should have. The user base of the computers are constantly changing, so theres almost never a user that have constant access to one single computer. So the security I will do, will be based on a simple chaining, Rolling code system. This will create a very hard obstacle for my user base to pass: To be able to pass this system, they will need to wireshark while the computer are booting for the first time for that day (eg when the boot file containing a seed secret, is transferred to the client computer). If they don't, they will never see the seed secret, and they will not be abe to produce codes that the server will accept. |
|||
« Next Oldest | Next Newest »
|
Messages In This Thread |
[TIPS] Variables can be nested! - sebastian - 2014-03-20, 11:20
RE: [TIPS] Variables can be nested! - mcb30 - 2014-03-20, 11:54
RE: [TIPS] Variables can be nested! - sebastian - 2014-03-20 12:10
RE: [TIPS] Variables can be nested! - mcb30 - 2014-03-20, 13:27
RE: [TIPS] Variables can be nested! - sebastian - 2014-03-20, 13:37
RE: [TIPS] Variables can be nested! - sebastian - 2014-04-26, 00:44
|
User(s) browsing this thread: 1 Guest(s)