On 5 March 2015 at 22:39, Aaron Zauner <a...@azet.org> wrote:
> Yep. I confused SRP with PSK ciphersuites here. There're no ciphersuites
> that support PKIX and SRP. Unfortunately there's also only AES-CBC
> (MAC-then-encrypt) as a possible option when using SRP.
> https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
Those ciphersuites are not ideal, but exploiting padding oracles requires an auto-reconnecting client and doesn't buy you all that much.

I think the direction upstream is going with SCRAM (or similar) is fine, but either new hashes are required or using a customized code base that uses MD5(password|username) where the password would normally be directly input is needed.

I don't have time to write any code, but I'm happy to review schemes and code (and probably will at some point anyway).

Regards,
Michael
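As an added illustration of the scheme Michael sketches (example code, not from the thread or from any upstream project): a SCRAM-style derivation and proof check in which the client feeds MD5(password|username), read here as plain concatenation, into the salted derivation in place of the raw password, which is what lets a server that already holds those MD5 values enroll SCRAM verifiers from them. The user name, password, iteration count, fixed salt and AuthMessage stand-in are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample credentials and parameters; none of these come from the thread.
USERNAME = "alice"
PASSWORD = "correct horse battery staple"
ITERATIONS = 4096  # assumed SCRAM-style iteration count

def legacy_secret(password: str, username: str) -> str:
    """The MD5(password|username) value the message refers to; '|' is read as
    concatenation (assumption). This replaces the plaintext password as SCRAM input."""
    return hashlib.md5((password + username).encode()).hexdigest()

def derive_keys(secret: str, salt: bytes, iterations: int):
    """SCRAM-style key derivation (RFC 5802 structure, SHA-256 as the hash)."""
    salted = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return client_key, hashlib.sha256(client_key).digest(), server_key

def scram_enroll(secret: str, salt: bytes, iterations: int) -> dict:
    """Server-side enrollment from the legacy MD5 value: only StoredKey and
    ServerKey are kept, never the secret itself."""
    _, stored_key, server_key = derive_keys(secret, salt, iterations)
    return {"salt": salt, "iterations": iterations,
            "stored_key": stored_key, "server_key": server_key}

def client_proof(secret: str, salt: bytes, iterations: int, auth_message: bytes) -> bytes:
    """ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    client_key, stored_key, _ = derive_keys(secret, salt, iterations)
    client_sig = hmac.new(stored_key, auth_message, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(client_key, client_sig))

def server_verify(verifier: dict, auth_message: bytes, proof: bytes) -> bool:
    """Recover ClientKey from the proof and check H(ClientKey) == StoredKey."""
    client_sig = hmac.new(verifier["stored_key"], auth_message, hashlib.sha256).digest()
    client_key = bytes(a ^ b for a, b in zip(proof, client_sig))
    return hmac.compare_digest(hashlib.sha256(client_key).digest(), verifier["stored_key"])

def demo(password: str = PASSWORD, username: str = USERNAME) -> bool:
    """Enroll the constructed user, then run one proof with the given credentials."""
    salt = b"constructed-fixed-salt"  # fixed so the example is deterministic
    verifier = scram_enroll(legacy_secret(PASSWORD, USERNAME), salt, ITERATIONS)
    auth_message = b"constructed-auth-message-with-both-nonces"  # stand-in for SCRAM AuthMessage
    proof = client_proof(legacy_secret(password, username), salt, ITERATIONS, auth_message)
    return server_verify(verifier, auth_message, proof)
```

Because the MD5 value is what the client derives from, anyone holding the server's legacy MD5 table can impersonate the client; the substitution only buys migration, not the protection a fresh salted hash would give.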