Re: Cyrus POP3 Issue

From: Rob Siemborski (no email)
Date: Thu Mar 10 2005 - 16:42:59 EST

  • Next message: Henrique de Moraes Holschuh: "Re: Cyrus POP3 Issue"

    On Fri, 4 Mar 2005, Henrique de Moraes Holschuh wrote:

    > On Thu, 03 Mar 2005, L. Mark Stone wrote:
    >> The POP server component is giving us a problem. It often fails to
    >> respond to connection requests in a timely manner, if at all. IMAP
    >
    > Disable APOP, or get SASL to use /dev/urandom like it should be doing in any
    > sane distribution (SASL is not generating long-term keys which would be a
    > good reason to use /dev/random).

    Almost right.

    SASL doesn't generate *keys* using this, it generates *nonces*, which are
    known to the attacker anyway, since they are transmitted in the clear
    anyway. It just matters that they don't repeat often enough to bother
    precomputing values for.

    If SASL was using this for key generation, then yes, most of the comments
    in this thread have merit.

    -Rob

    (Hmmm, it's possible that the SRP plugin is using this for something else,
    I'm not familiar enough with SRP and would have to ask Ken).

    ---------------------------------------------------------------------
    Rob Siemborski

    ---
    Cyrus Home Page: http://asg.web.cmu.edu/cyrus
    Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
    List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
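
The APOP exchange discussed in this thread, as an added example that is not part of the original message or of Cyrus SASL's code: the server's challenge is public, so it only has to be unpredictable enough not to repeat, and a non-blocking source is sufficient for it. The function names and the hostname are assumptions made for illustration; the challenge layout follows the `<unique@host>` form from RFC 1939.

```python
import hashlib
import hmac
import os
import time


def make_challenge(hostname="mail.example.org"):
    """Build an APOP banner challenge of the form <unique@host>.

    os.urandom() reads the kernel's non-blocking source (what /dev/urandom
    provides on Linux), so the banner is never delayed by an empty
    /dev/random entropy estimate.
    """
    nonce = os.urandom(16).hex()
    return f"<{os.getpid()}.{int(time.time())}.{nonce}@{hostname}>"


def apop_digest(challenge, secret):
    """Client side: MD5 over the challenge followed by the shared secret."""
    return hashlib.md5((challenge + secret).encode()).hexdigest()


def verify(challenge, secret, digest):
    """Server side: recompute the digest and compare in constant time."""
    return hmac.compare_digest(apop_digest(challenge, secret), digest)


def demo():
    secret = "tanstaaf"                      # constructed sample secret
    first = make_challenge()                 # banner sent in the clear
    captured = apop_digest(first, secret)    # digest an eavesdropper sees
    second = make_challenge()                # banner on the next connection
    return {
        "fresh_ok": verify(first, secret, captured),
        "replay_ok": verify(second, secret, captured),
        "distinct": first != second,
    }


if __name__ == "__main__":
    print(demo())
```
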
    
