[gnutls-devel] [PATCH] srp: Add resistance against guessing usernames

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Feb 18 19:52:45 CET 2014


On 02/18/2014 12:59 AM, Attila Molnar wrote:

>> Thanks, it's a nice feature. I wonder, whether we can avoid
>> gnutls_srp_set_server_fake_salt_seed()... I believe most 
>> applications would not use an additional API for that.
> 
> Do you mean to avoid the new function and not have the ability
> to set the same seed after a restart, or to move this functionality
> somewhere else?
> 
> If the latter, I checked the srp functions in gnutls and couldn't
> find one that could be modified in a way to include this feature.

I couldn't think of anything better either. Anyway, my only comments are:

>  	entry->v.data = gnutls_malloc(20);
>  	entry->v.size = 20;

[...]

> +	_gnutls_set_datum(&cred->fake_salt_seed, seed->data, seed->size);
> +	cred->fake_salt_length = (salt_length < 20 ? salt_length : 20);
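
Review bot: the result of _gnutls_set_datum() on the first added line is discarded, so if copying the seed fails the function still goes on to set cred->fake_salt_length and the credentials are left with a length but no seed. Check the return value and bail out with the error before assigning fake_salt_length. On the second added line, the clamp only bounds salt_length from above, so a salt_length of 0 is stored as-is; reject it or document what a zero-length fake salt means.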

Shouldn't they be DEFAULT_FAKE_SALT_SEED_SIZE?

> + * Since: 3.3

s/3.3/3.3.0/

regards,
Nikos



