|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Wietse Venema (wietse
porcupine.org)
Date: Sun Dec 02 2007 - 14:08:48 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Victor Duchovni:
> Despite the SHA-1 hash (which is important, but not sufficient) the table
> keys enable off-line dictionary attacks on the password (if one knows the
> nexthop and username). So the table file "mode" should be 0600, not 0644.
> So the appropriate umask is 077, not 022.
>
> > + cache_map = dict_ht_open("verify", htable_create(0), myfree);
>
> Should this say "cache" rather than "verify"?
>
> > +static void smtp_sasl_make_cache_key(VSTRING *buf,const char *host,
> > + const char *user,const char *pass)
> > +{
> > + VSTRING *tmp = vstring_alloc(10);
> > +
> > + vstring_sprintf(tmp,"%s;%s;%s",host,user,pass);
> > + base64_encode(buf,(const char*)SHA1((unsigned char*)STR(tmp),
> > + (unsigned long)VSTRING_LEN(tmp),0),SHA_DIGEST_LENGTH);
> > + vstring_free(tmp);
> > +}
>
> So this feature depends on OpenSSL's libcrypto. How should that be
> handled in makedefs? (Question for Wietse I think).
OpenSSL must not be mandatory. On my servers, it makes no sense to
increase the attack profile by tens of thousand of lines of code.
> Anyway, this is probably enough for now in terms of patches, the key
> question at this point is whether this should be adopted. Wietse?
Assuming that it implements its own cache daemon, the only thing
that remains is naming.
If possible, the master.cf service name should match the executable
name.
Is "cache" really a good choice for a Postfix daemon name?
Is "auth_cache" really a good name for a service that remembers
password failures?
Wietse
Wietse
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]