0

What I'm trying to make happen: my PoCo::IRC bot requests for you to sign a message with an RSA key, but the message has a random string for every time you identify (sort of like #bitcoin-otc's gribble bot, but using RSA instead of bitcoin).

I want it to say something like <mybot> With the key for 'donkus', sign the message '2FrNGk7QoCKQecIz', pass through base64. It needs to anticipate the arrival of my signed message. Then I could reply back with my signed message in base64, and it would verify using the hard-coded public key in the script (presumably using Crypt::RSA). This exchange would take place over private messaging.

This is so I could create a bunch of bots to op me on my EFnet channel, and yes I know I can use Eggdrop but I'd sooner write my own perl script than configure all that junk.

Artjom B.
  • 61,146
  • 24
  • 125
  • 222
bugzeeolboy
  • 25
  • 3

1 Answers1

0

I would record the request like this:

$requests{$user} = {
  key_for => "donkus",
  token   => "2FrNGk7QoCKQecIz",
  ts      => time(),
};

That way, if a user re-requests authentication, the old one is clobbered.

I'd either use the ts field to periodically expire authentication requests, or I'd use a LRU cache of $user identifiers to limit the number of requests in play. If I really cared, I'd do both: have a relatively high LRU cache limit (say 100 requests) and a relatively low timeout of perhaps 2 minutes.

As messages from $user come in, I'd see if they matched the credentials in %requests. If so, they're in. If not, they remain out.

Rocco Caputo
  • 104
  • 3