[p2p-hackers] P2P Authentication

Frank Moore francis.moore at rawflow.com
Tue Oct 25 13:45:47 UTC 2005


Hi,

I have the following problem:

I'm working on a hybrid p2p network where there is a central server and
lots of clients (peers). I need a way for clients to authenticate
themselves when they join the network. I've looked at doing a
challenge-response type thing using Challenge Handshake Authentication
Protocol (CHAP) but that means putting a shared secret key in each
client and the server.

It seems entirely possible that someone could reverse engineer the
client executable to get hold of the shared secret key and then write a
'rogue' client (or server) to subvert the network?

Is there a standard (or any) way of authenticating peers in p2p
networks that doesn't require secret shared keys?

Cheers,
F.
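
Added illustration, not part of the original post: the CHAP response as defined in RFC 1994 (MD5 over identifier, secret and challenge), run against the setup described above where one secret is built into every client. The per-peer-secret server beside it is an assumption added here to show how the exposure changes; all peer names and secrets are constructed.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: response = MD5(identifier octet || secret || challenge)
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Server:
    def __init__(self, secrets_by_peer):
        self.secrets_by_peer = dict(secrets_by_peer)
        self.pending = {}      # peer name -> (identifier, challenge)
        self.next_id = 0

    def challenge(self, peer):
        ident, self.next_id = self.next_id, (self.next_id + 1) % 256
        chal = os.urandom(16)  # fresh per attempt, so old responses cannot be replayed
        self.pending[peer] = (ident, chal)
        return ident, chal

    def verify(self, peer, response):
        ident, chal = self.pending.pop(peer, (None, None))  # each challenge is single use
        secret = self.secrets_by_peer.get(peer)
        if chal is None or secret is None:
            return False
        return hmac.compare_digest(chap_response(ident, secret, chal), response)

    def revoke(self, peer):
        self.secrets_by_peer.pop(peer, None)

def join(server, peer, secret):
    """Run one challenge/response round; True if the server accepts."""
    ident, chal = server.challenge(peer)
    return server.verify(peer, chap_response(ident, secret, chal))

def compare_deployments():
    # Constructed sample secrets and peer names.
    embedded = b"constructed-secret-in-every-binary"
    shared = Server({"alice": embedded, "bob": embedded})
    per_peer = Server({"alice": b"constructed-alice-key", "bob": b"constructed-bob-key"})
    bob_copy_shared = shared.secrets_by_peer["bob"]    # what bob's install holds
    bob_copy_unique = per_peer.secrets_by_peer["bob"]
    results = {
        "shared: bob's copy accepted as alice": join(shared, "alice", bob_copy_shared),
        "per-peer: bob's copy accepted as alice": join(per_peer, "alice", bob_copy_unique),
        "per-peer: bob's copy accepted as bob": join(per_peer, "bob", bob_copy_unique),
    }
    per_peer.revoke("bob")
    results["per-peer: bob accepted after revoke"] = join(per_peer, "bob", bob_copy_unique)
    return results
```

With the single embedded secret the server has no way to tell one install from another; with per-peer secrets a key taken from one install identifies only that peer and can be revoked, though each key is still shared between that peer and the server.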


