question
You want to implement a simple client connection authentication function in a distributed system, but you don't want to be as complicated as SSL.
Solution
A connection handshake can be implemented using the hmac module, thereby achieving a simple and efficient authentication process. Here is a code example:
import hmac import os def client_authenticate(connection, secret_key): ''' Authenticate client to a remote service. connection represents a network connection. secret_key is a key known only to both client/server. ''' message = (32) hash = (secret_key, message) digest = () (digest) def server_authenticate(connection, secret_key): ''' Request client authentication. ''' message = (32) (message) hash = (secret_key, message) digest = () response = (len(digest)) return hmac.compare_digest(digest,response)
The basic principle is that when the connection is established, the server sends a random byte message to the client (the return value is used in this example). The client and the server use both hmac and a key that is known only to both parties to calculate an encrypted hash value. The client then sends the summary it calculates to the server, and the server decides to accept or reject the connection by comparing whether this value is consistent with the one it calculates. Comparing the summary requires the use of the hmac.compare_digest() function. Use this function to avoid time analysis attacks, and do not use simple comparison operators (==). To use these functions, you need to integrate it into your existing network or message code. For example, for sockets, the server code should look like the following:
from socket import socket, AF_INET, SOCK_STREAM
secret_key = b'peekaboo'
def echo_handler(client_sock):
if not server_authenticate(client_sock, secret_key):
client_sock.close()
return
while True:
msg = client_sock.recv(8192)
if not msg:
break
client_sock.sendall(msg)
def echo_server(address):
s = socket(AF_INET, SOCK_STREAM)
(address)
(5)
while True:
c,a = ()
echo_handler(c)
echo_server(('', 18000))
Within a client, you would do this:
from socket import socket, AF_INET, SOCK_STREAM
secret_key = b'peekaboo'
s = socket(AF_INET, SOCK_STREAM)
(('localhost', 18000))
client_authenticate(s, secret_key)
(b'Hello World')
resp = (1024)
discuss
A common usage scenario for hmac authentication is internal message communication system and inter-process communication. For example, if you write a system that involves communication between multiple processors in a cluster, you can use this section to ensure that only allowed processes can communicate with each other. In fact, hmac-based authentication is used by the multiprocessing module to implement direct communication of child processes.
Another thing to emphasize is that connection authentication and encryption are two different things. Communication messages after successful authentication are sent in plain text, and anyone who wants to listen to this connection line can see the message (although the keys of both parties will not be transmitted).
The hmac authentication algorithm is based on hash functions such as MD5 and SHA-1. This is described in detail in IETF RFC 2104.
The above is the detailed content of Python implementing simple client authentication. For more information about Python client authentication, please follow my other related articles!