Basic Challenge-Response authentication This is a perl5 module implementing basic MD5-based challenge/response. The authentication method provided, allows for mutual authentications of the endpoints of a communication channel provided that a shared secret known only to them has been exchanged prior to the session. If the secret is known to a third party, this authentication mechanism is useless (ie, this situation can lead to a man-in-the-middle-attack) so its secrecy is very important. Note that this module does NOT provide security agains eavesdropping or hijacking. A positive identification can be followed by an attacker stealing the connection or sniffing. Both situations can be detrimental to the security. This module allows for the detection of date-synch issues, such as the ones ussually present when an attacker drifts the clock of one of the peers to influence other authentication schemes. At run-time, the user of the module can define a time-sync-tolerance. Host dates when the challenge and response were generated must match to within this specified tolerance to be acceptable. The user can also define a lifespan for the challenge/response transaction. This code is subject to the same restrictions and warranties than perl itself. This implementation depends on MD5.pm to be correctly installed on your system. It has been tested on FreeBSD 2.2.5-RELEASE and 2.2.6-RELEASE as well as on Digital Unix 3.0B. It should work on any system where perl's MD5() works correctly. Installing Authen::Challenge::Basic should be as easy as unpacking the gzipped file and doing perl Makefile.PL make make test make install The tests are very simple. Essentially, if the MD5 module works, this one *should* also work :) It would be very nice to have more challenge/response methods available. They can be created bellow Auth::Challenge. Please send bugs, queries, suggestions to Luis E. Munoz, lem@cantv.net Good luck.