[gnutls-devel] [PATCH] srp: Add resistance against guessing usernames
nmav at gnutls.org
Tue Feb 18 19:52:45 CET 2014
On 02/18/2014 12:59 AM, Attila Molnar wrote:
>> Thanks, it's a nice feature. I wonder, whether we can avoid
>> gnutls_srp_set_server_fake_salt_seed()... I believe most
>> applications would not use an additional API for that.
> Do you mean to avoid the new function and not have the ability
> to set the same seed after a restart, or to move this functionality
> somewhere else?
> If the latter, I checked the srp functions in gnutls and couldn't
> find one that could be modified in a way to include this feature.
I couldn't think of anything better also. Anyway my only comments are:
> entry->v.data = gnutls_malloc(20);
> entry->v.size = 20;
> + _gnutls_set_datum(&cred->fake_salt_seed, seed->data, seed->size);
> + cred->fake_salt_length = (salt_length < 20 ? salt_length : 20);
Shouldn't they be DEFAULT_FAKE_SALT_SEED_SIZE?
> + * Since: 3.3
More information about the Gnutls-devel