perfsonar development work

[Guilherme Fernandes <>]

Stijn Melis wrote:
> > I took a quick look at the code of the ssh/telnet mp on trunk and 
> > have two suggestions.
> >
> > I can see that you are using DES and that the encryption key is 
> > hardcoded. DES is easily bruteforceable, you might want to switch to 
> > AES 256bits. The encryption key should be set by the administrator 
> > and put in the config file, otherwise someone can just get the 
> > encrypted password from the source code that is publicly available to 
> > decipher it.
> >
> > But I don't think this type of information should be registered to 
> > the LS anyways.
> >
> > Cheers,
> >
> > Guilherme
>
> If others share your feelings about this, I have no problem with 
> changing this and creating a seperate metadata config file for 
> registration to the LS. It looks like I'll have to do this anyway, in 
> order for the eventTypes to be registered to the LS as well.
>
> As far as I remember I tried using AES, but it didn't work. Because I 
> was pressed with time, I left the DES as it was. Would you still have 
> a problem with using DES if the information wasn't registered to the 
> LS, because than this information wouldn't be made public?
I wouldn't. But if the information isn't to be made public, I don't see 
a point in having the encryption in the first place. The only situation 
it would provide another layer of security is if the encryption key was 
on the service configuration file and someone got access to *only* the 
metadata configuration file. But since both files have the same 
permissions (so they can be read by the service), this situation 
wouldn't happen. And, if it's DES, it's just a nuisance, not a proper 
security mechanism...

Cheers,

Guilherme
> Cheers,
>
> Stijn