[gnutls-devel] [RFC] srp: Add resistance against guessing usernames

Attila Molnar attilamolnar at hush.com
Tue Feb 18 19:02:38 CET 2014


On Tue, Feb 18, 2014 at 1:42 PM, "Nikos Mavrogiannopoulos" <nmav at gnutls.org> wrote:
>Thanks, it's a nice feature. I wonder, whether we can avoid
>gnutls_srp_set_server_fake_salt_seed()... I believe most 
>applications would not use an additional API for that.

Do you mean to avoid the new function and not have the ability
to set the same seed after a restart, or to move this functionality
somewhere else?

If the latter, I checked the srp functions in gnutls and couldn't
find one that could be modified in a way to include this feature.

I have also taken a look at OpenSSL; it provides a way for programs
to set the seed.

Regards, Attila



