
SCRAM-05 notes (was: Clarifying the qualities we desire the DIGEST-MD5 replacement to have)



I wrote:
>> 1.1. Terminology
>>       The authentication information for a
>>       SCRAM identity consists of salt and the "StoredKey" and
>>       "ServerKey" (as defined in the algorithm overview) for each
>>       supported cryptographic hash function.
>
> Also iteration count.  So, a set of tuples
>    (hash function, iteration count, salt, StoredKey, ServerKey).
>
> If the iteration count is a config parameter instead of stored per hash,
> the admin must throw away all hashes and get all users to set new
> passwords.

Eh.  I meant, if the admin wants to increase the configured iteration
count he must do that.


Another detail: You can use RFC 3112's authPassword for the LDAP
attribute.  Though I imagine implementations will instead use
   userPassword: {SCRAM}whatever
as described in RFC 2307, even though that breaks the LDAP standard.

-- 
Hallvard
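As an added example (not part of the message above or of the SCRAM drafts), the per-hash tuple described in the thread, derived per RFC 5802 section 3 with Python's hashlib/hmac, stored in an RFC 3112 scheme$authInfo$authValue string (the field layout is this example's own choice), and checked the way a server checks a client's recovered ClientKey. The password is assumed already SASLprep-normalized, and the salt is a constructed sample.

```python
import base64
import hashlib
import hmac
from typing import NamedTuple

# One stored tuple per supported hash function, as proposed in the thread:
# (hash function, iteration count, salt, StoredKey, ServerKey).
class ScramEntry(NamedTuple):
    hash_name: str      # hashlib name, e.g. "sha1" or "sha256"
    iterations: int
    salt: bytes
    stored_key: bytes   # H(ClientKey)
    server_key: bytes   # HMAC(SaltedPassword, "Server Key")

def derive_entry(password: str, hash_name: str, iterations: int, salt: bytes) -> ScramEntry:
    """RFC 5802 derivation for one hash. Hi() is PBKDF2-HMAC-<hash> with dkLen equal
    to the hash length, which is exactly hashlib.pbkdf2_hmac. Nothing stored here
    lets a server move to a new iteration count without the password, which is why
    changing the configured count forces users to set passwords again."""
    salted = hashlib.pbkdf2_hmac(hash_name, password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hash_name).digest()
    stored_key = hashlib.new(hash_name, client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hash_name).digest()
    return ScramEntry(hash_name, iterations, salt, stored_key, server_key)

def client_key_for(password: str, entry: ScramEntry) -> bytes:
    """What the client side ends up proving knowledge of for this entry's parameters."""
    salted = hashlib.pbkdf2_hmac(entry.hash_name, password.encode("utf-8"), entry.salt, entry.iterations)
    return hmac.new(salted, b"Client Key", entry.hash_name).digest()

def to_auth_password(entry: ScramEntry) -> str:
    """RFC 3112 authPassword value: scheme$authInfo$authValue. Layout assumed here:
    authInfo = iterations:salt, authValue = StoredKey:ServerKey, binary parts base64."""
    b64 = lambda b: base64.b64encode(b).decode("ascii")
    scheme = "SCRAM-" + entry.hash_name.upper()
    return f"{scheme}${entry.iterations}:{b64(entry.salt)}${b64(entry.stored_key)}:{b64(entry.server_key)}"

def from_auth_password(value: str) -> ScramEntry:
    """Inverse of to_auth_password, so a directory entry can be loaded back."""
    scheme, info, val = value.split("$")
    iters, salt = info.split(":")
    stored, server = val.split(":")
    return ScramEntry(scheme[len("SCRAM-"):].lower(), int(iters), base64.b64decode(salt),
                      base64.b64decode(stored), base64.b64decode(server))

def stored_key_matches(entry: ScramEntry, client_key: bytes) -> bool:
    """Server-side check at the end of an exchange: H(ClientKey) must equal StoredKey."""
    return hmac.compare_digest(hashlib.new(entry.hash_name, client_key).digest(), entry.stored_key)
```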