SASL always returns ssf=56 for GSSAPI
Nicolas.Williams at sun.com
Thu Sep 21 18:44:58 EDT 2006
BTW, the whole concept of absolute security strength factors is broken.
After all, the relative strengths of ciphers, hashes, MACs, assymertic
cryptographic algorithms (RSA, DH, etc...) and cryptographic protocols
built on them are variable over time. And some constructions can be
much stronger than the individual components used to build them.
IMO the right way to design an API for expressing and enforcing policy
relating to the strength of cryptographic systems used, and in the face
of pluggable frameworks, is to provide for rules-based profiles that
applications and libraries refer to by name, and which mechanisms simply
Then administrators can write profiles that express the policies that
More information about the Cyrus-sasl