Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Using an Update Key  (Read 2015 times)

kasperd

  • Founder, Netiter ApS
  • Hero Member
  • *****
  • Posts: 952
Using an Update Key
« on: February 02, 2014, 05:17:56 AM »

After reading this announcement, I decided it was a good idea to switch to the new authentication mechanism for tunnels, as it does sound more secure than the old approach.

I did run into one problem though. I'd like to share, what I found out, in case anybody else has been having problems. It turns out, that the new update mechanism does not work, if you choose an Update Key, which is exactly 32 characters long. If instead you choose a longer or a shorter key, it does appear to work.

(Is it a coincidence that this announcement about security improvements came just after the problems on the Stockholm tunnel server appeared to have disappeared?)
Logged

lechner

  • Newbie
  • *
  • Posts: 2
Re: Using an Update Key
« Reply #1 on: February 13, 2014, 08:29:51 PM »

A key with 32 characters worked for me, but I had to change the tunnelbroker user ID (the hex string on everyone's main page) to my login user name. Is that the correct way now? Thank you.
Logged

.

  • Newbie
  • *
  • Posts: 2
Re: Using an Update Key
« Reply #2 on: February 13, 2014, 08:46:14 PM »

How do I set up this Update Key?
Logged

lechner

  • Newbie
  • *
  • Posts: 2
Re: Using an Update Key
« Reply #3 on: February 13, 2014, 09:58:58 PM »

I am not sure what the requirements for the string are, but I took a random, scanned PDF document and ran md5sum over it. That worked for me.
Logged

kcochran

  • Sr. Network Engineer, Hurricane Electric
  • Administrator
  • Sr. Member
  • *****
  • Posts: 414
Re: Using an Update Key
« Reply #4 on: February 14, 2014, 04:11:34 AM »

There are very few things which require the hex user id at this point.  The only one which springs to mind is the non-SSL variant of ipv4_end.php, which won't let you use HTTP Auth parameters by design.

And you can use a 32 character update key, it just has to be all lower case if it doesn't use any non-hex character if you're using ipv4_end.php, due to various case-sensitivity requirements use of the direct use of the intermediate hash causes now and supporting the legacy mechanisms.

Really, using /nic/update is preferred at this time, as it's widely supported due to its API compatibility with existing DDNS update clients, and less parameter creep over the years.
Logged