Date : Wed, 12 Aug 2009 17:13:49 +0100
From : philb@... (Phil Blundell)
Subject: Econet <> Ethernet

On Wed, 2009-08-12 at 16:12 +0100, Phil Blundell wrote:
> Good idea. I'm slightly nervous about fitting an md5 routine into the
> 200-or-so bytes of spare flash space that I have at my disposal, so we
> might need to compromise slightly on that. How about (X)TEA?
>
> Or, personally I would be happy enough just sending the password in
> cleartext: this isn't really intended to be a high security system, and
> you can always tunnel it inside IPsec or something if you're worried.

I've edited the wiki page now to admit these two possibilities. The
drill is as follows:

Either...

1) send request &01 with auth type set to &01 and password in payload
2) receive response &03 if ok, or response &04, reason code &01 if
   password was wrong

Or...

1) send request &01 with auth type set to &00
2) receive response &04, reason code &03, challenge string in payload
3) encrypt challenge string using secret password as key
4) re-send request &01, now with auth type=&02 and ciphertext in payload
5) receive response &03 if ok, or response &04, reason code &01 if
   password was wrong

Clients that don't care too much about security of their passwords can
use the first form: this is probably what I will end up doing for the
case of two back-to-back gateways talking over a LAN so that I don't
have to implement both ends of the encryption process.

Clients that don't feel comfortable sending their password over the
network in clear can use the second form.

p.
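
Both forms of the exchange described in the message above, as an added example that is not part of the original message or the gateway's own code. It assumes XTEA as the cipher (only floated as an option in the quoted text), an 8-byte challenge, and the password zero-padded to 16 bytes as the key; `seal`, `gateway_auth`, `struct gateway` and the `fresh` parameter are hypothetical names.

```c
#include <stdint.h>
#include <string.h>

enum { RSP_OK = 0x03, RSP_FAIL = 0x04 };                          /* responses */
enum { AUTH_ASK = 0x00, AUTH_CLEAR = 0x01, AUTH_CIPHER = 0x02 };  /* auth type */
enum { WHY_BAD_PASSWORD = 0x01, WHY_CHALLENGE = 0x03 };           /* reasons   */

/* Standard XTEA block encryption: 64-bit block, 128-bit key, 32 rounds. */
static void xtea_encrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += 0x9E3779B9u;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    v[0] = v0; v[1] = v1;
}

/* Step 3. Assumed: 8-byte challenge, key = password zero-padded to 16 bytes,
   host byte order (a real wire format would have to fix the byte order). */
void seal(const char *pw, const uint8_t chal[8], uint8_t out[8]) {
    uint32_t k[4] = {0}, v[2];
    size_t n = strlen(pw);
    memcpy(k, pw, n < 16 ? n : 16);
    memcpy(v, chal, 8);
    xtea_encrypt(v, k);
    memcpy(out, v, 8);
}

struct gateway { const char *pw; uint8_t chal[8]; int chal_live; };
/* Gateway side of request &01. Returns the response code and sets *why for
   &04. `fresh` stands in for the gateway's random source (hypothetical). */
int gateway_auth(struct gateway *g, int type, const uint8_t *pl,
                 size_t len, const uint8_t fresh[8], int *why) {
    uint8_t want[8], diff = 0;
    *why = WHY_BAD_PASSWORD;
    if (type == AUTH_ASK) {                  /* steps 1-2: issue a challenge */
        memcpy(g->chal, fresh, 8); g->chal_live = 1;
        *why = WHY_CHALLENGE;                /* challenge is the &04 payload */
        return RSP_FAIL;
    }
    if (type == AUTH_CLEAR)                  /* first form: cleartext password */
        return (len == strlen(g->pw) && !memcmp(pl, g->pw, len)) ? RSP_OK : RSP_FAIL;
    if (type != AUTH_CIPHER || !g->chal_live || len != 8) return RSP_FAIL;
    g->chal_live = 0;                        /* a challenge is good for one try */
    seal(g->pw, g->chal, want);
    for (int i = 0; i < 8; i++) diff |= want[i] ^ pl[i];   /* no early exit */
    return diff ? RSP_FAIL : RSP_OK;
}
```

Retiring the challenge after one attempt means a ciphertext captured off the wire is rejected when replayed, which holds only if the gateway never reissues a challenge value.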