-
Notifications
You must be signed in to change notification settings - Fork 69
Authentication modules
The authentication modules provide the authentication feature on top of the transport modules. Just like the transport and encryption modules these modules are plug and play too. Anything that was put into the authentication/ directory and has the right format can be used as an authentication module.
The framework supports two authentication modules at the moment:
- None
- Salted SHA2 512
Just like its name suggests, this module provides no authentication. This comes handy when somebody debugs or develops for the framework.
[Authentication]
module = none
Please do not use this module. This module can be considered as a security vulnerability if used since it provides no protection.
This module uses the salted SHA2 512 hash of a passphrase to authenticate against the server. In every authentication attempt the client grabs the passphrase from the configuration, generates a random salt value which is prepended to the shared secret and then creates the SHA2 hash of that.
Only the salted hash (which changes every time) is sent over the wire.
[Authentication]
module = saltedsha512
key = VERY_STRONG_PASSPHRASE_WHICH_IS_LONG
The key should be changed to long random passphrase. Both the server and clients must have the same shared secret set, otherwise the authentication will fail.
XFLTReaT 2017-2020 Balazs Bucsay @xoreipeip
- Home - Introduction to XFLTReaT
- The framework - The framework explained
- Installation - How to install the tool
- Configuration - How to configure the framework
- Operating System support - See the supported Operating Systems
- Transport modules - Explanation of the transport modules
- Authentication modules - Explanation of the authentication modules
- Encryption modules - Explanation of the encryption modules
- Use Cases - Examples use cases
- Development - How to develop for the framework