Cyrus POP3 Issue

Rob Siemborski rjs3 at
Mon Mar 14 21:33:58 EST 2005

On Mon, 14 Mar 2005, Marco Colombo wrote:

> I'm not happy to hear there is a 'large number of deployments' where
> RFC 2831 recommandation is violated. The admins of those site should
> consider either getting more resources (entropy, in this case) or stop
> running any strong but demanding SASL mechanism (or SSL/TLS). Once
> again, by definition, "a large number" does not mix well with the
> "particular circumstances" mentioned in the RFC.

It is highly likely that unless they have a REALLY good source of entropy, 
they could still be relatively easily DOS'd just by asking for lots of 
DIGEST authentications.

> What's the point in using any strong auth mech in a way that violates
> its RFC recommandations? Moreover, is it ok for any software having a
> _default_ configuration that acts against some RFCs?

Its not acting against or violating the RFC.  The RFC specifies a SHOULD. 
There is a supported configuration that agrees with the SHOULD even.

Its very important to keep in mind that the attack that is being defended 
against here would be extraordinarily difficult to make use of in 
practice, since the only benefit you'd see out of not having good entropy 
is the "ability" to select the server's nonce by controlling the PNRG of 
the server.  So you could possibly precompute lookup tables based on the 
selected nonce which would allow you to break the shared secret (and thus, 
the session).

It is quite likely the case that there are easier attacks other parts of 
the server beyond the authentication exchange that would allow you to 
access the shared secret directly.  Or its atleast spending the time to 
look for them before trying to predict the PNRG output.

> Having said that, now I'll let this thread die, I promise. :-)

Sounds good.

Rob Siemborski

Cyrus Home Page:
Cyrus Wiki/FAQ:
List Archives/Info:

More information about the Info-cyrus mailing list