On Fri, 4 Mar 2005, Henrique de Moraes Holschuh wrote:
On Thu, 03 Mar 2005, L. Mark Stone wrote:The POP server component is giving us a problem. It often fails to respond to connection requests in a timely manner, if at all. IMAP
Disable APOP, or get SASL to use /dev/urandom like it should be doing in any sane distribution (SASL is not generating long-term keys which would be a good reason to use /dev/random).
Almost right.
SASL doesn't generate *keys* using this, it generates *nonces*, which are known to the attacker anyway, since they are transmitted in the clear anyway. It just matters that they don't repeat often enough to bother precomputing values for.
If SASL was using this for key generation, then yes, most of the comments in this thread have merit.
-Rob
(Hmmm, its possible that the SRP plugin is using this for something else, I'm not familiar enough with SRP and would have to ask Ken).
--------------------------------------------------------------------- Rob Siemborski
--- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
