Midterm: qaul RPC User Authentication Layer

Posted on by claddy

Introduction:


Hi everyone! As we reach the midpoint of Google Summer of Code 2025, I’m excited to share the progress no my project: qaul RPC User Authentication Layer. Working on the project has been challenging as well as rewarding for me, and I’m very excited to share what I’ve accomplished so far and what is still left.

Where are we

Core Password Management Implementation


I have built the foundational password management system within libqaul. This involves several key components.

  • Secure Password Hashing:
    I initally implemented hashing using bcrypt but after careful consideration, I migrated to Argon2.
  • Protobuf Integrations:
    Extend qaul’s existing RPC communication structure by adding new auth modules.
  • Updated the configuration framework to secure handle password hashes and auth settings, so that sensititve data is properly stored while maintaing compatibility with existing systems.

Authentication Module Development


The auth system is now integrated into libqaul’s arhitecture.

RPC Message Handling: Implemented comprehensive message processing for authentication requests and responses, including proper error handling and status reporting.

Challenge response: developed a secure authentication flow that uses cryptographic challenges rather than direct password transmission. This approach ensures that passwords neer traverse the network, and no two hash (that node use to verify password) are same due to different nonce for each authentication request.
The structure for messages are below:

message LoginRequest {
    string username = 1;
    bytes password = 2;
}

message LoginResponse {
    string status = 1;
   // bytes token = 2;
    string message = 3;
}

What we’re looking forward to


The larger picture for us is to create an infrastructure where we could enable multi-user per ndoe support, and web-based interface. Therefore we would be working on Session token management system that would validate the authenticated operatings and enable stateful user sessions while maintaining security.

Challenges


RPC system extension. Integrating authentication into qaul’s existing rpc infrastructure was a bit challenging for me initially, but a few wrong attempts gave me a clear picture. Also, the existing code helped me understand how things were working.

We wanted the user password to be actually very secure, so instead of simply hashing it, we now hash the user password with salt, let’s say hash1 and then libqaul send you a nonce, and using hash1 and nonce we calculate the hash2. This ensures that the hash2 is never the same for any existing passwords.

Next Steps


For the remainder of the project, I plan to focus on:

  • Session Management Completion
  • CLI Integration
  • Encryption Implementation

Conclusion


The midterm point helped me reflect on my journey, and I’m glad to say that the project is shaping up excellent. Wit the core authentication infrastructure completion and properly integration into libqaul. we have a solid foundation for secure multi-user support and future interface development. Thank you to my mentor Mathjud and the entire qaul community!

Leave a Reply

Your email address will not be published. Required fields are marked *