SourceOffSite uses the Blowfish Encryption Algorithm
<http://www.counterpane.com/blowfish.html> for encryption.

The login process using encryption in SourceOffSite works as follows:

When the connecting client receives the challenge from the server (after
connecting to the secure port), it looks for a crypto key for that particular
server. If the key is found, it loads the key and creates a session key. The
username is sent to the server and the client uses the crypto key to encrypt
the user's VSS password, session key, and validation hash before sending
that information to the server.

When the server receives the username, it looks for a key for that user in
its keys database. If found, it then attempts to decrypt the remaining
packets (containing the password, session key, and validation hash). If
that all works correctly, then the server responds with an OK message in
cleartext, and then all remaining communication for that session will be
encrypted with the session key. Each session key is generated with a
cryptographically secure random number generator.

Also, if anything goes wrong at any step, the session is terminated.

Overview of an encrypted session in SOS
Linda Bauer
SourceGear
Technical Support Manager
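
The login exchange described above, sketched as an added example; it is not SourceGear's code or wire format. Blowfish is replaced by a stand-in keystream cipher so the sketch runs on the Python standard library, and the message layout, the SHA-256 validation hash and its binding to the challenge, and all names are assumptions.

```python
import hashlib, hmac, secrets

def stand_in_cipher(key, nonce, data):
    # Stand-in for Blowfish (not in Python's standard library): XOR with a
    # SHA-256 counter keystream. Illustration only; encrypt == decrypt.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out += bytes(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def client_login(crypto_key, challenge, username, password):
    # The session key comes from a CSPRNG, as the post states.
    session_key = secrets.token_bytes(16)
    body = len(password).to_bytes(2, "big") + password + session_key
    # Assumed validation hash: SHA-256 over the server challenge and the body.
    check = hashlib.sha256(challenge + body).digest()
    nonce = secrets.token_bytes(8)
    blob = nonce + stand_in_cipher(crypto_key, nonce, body + check)
    return session_key, (username, blob)  # username is not encrypted

def server_login(keys_db, vss_passwords, challenge, message):
    # Returns the session key on success, None (session terminated) otherwise.
    username, blob = message
    key = keys_db.get(username)
    expected = vss_passwords.get(username)
    if key is None or expected is None or len(blob) < 8 + 2 + 16 + 32:
        return None
    plain = stand_in_cipher(key, blob[:8], blob[8:])
    body, check = plain[:-32], plain[-32:]
    if not hmac.compare_digest(hashlib.sha256(challenge + body).digest(), check):
        return None  # wrong key, tampering, or a stale challenge
    n = int.from_bytes(body[:2], "big")
    password, session_key = body[2:2 + n], body[2 + n:]
    if len(session_key) != 16 or not hmac.compare_digest(password, expected):
        return None
    return session_key

# Constructed sample data (hypothetical user and password).
KEYS_DB = {"alice": secrets.token_bytes(16)}
VSS_PASSWORDS = {"alice": b"constructed-password"}

def demo():
    challenge = secrets.token_bytes(16)
    sk, msg = client_login(KEYS_DB["alice"], challenge, "alice", b"constructed-password")
    ok = server_login(KEYS_DB, VSS_PASSWORDS, challenge, msg) == sk
    _, bad = client_login(secrets.token_bytes(16), challenge, "alice", b"constructed-password")
    return ok, server_login(KEYS_DB, VSS_PASSWORDS, challenge, bad)
```

Every failure path returns `None`, mirroring the rule that the session is terminated if anything goes wrong at any step.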