Cyrus POP3 Issue
rjs3 at andrew.cmu.edu
Mon Mar 14 21:33:58 EST 2005
On Mon, 14 Mar 2005, Marco Colombo wrote:
> I'm not happy to hear there is a 'large number of deployments' where
> RFC 2831 recommandation is violated. The admins of those site should
> consider either getting more resources (entropy, in this case) or stop
> running any strong but demanding SASL mechanism (or SSL/TLS). Once
> again, by definition, "a large number" does not mix well with the
> "particular circumstances" mentioned in the RFC.
It is highly likely that unless they have a REALLY good source of entropy,
they could still be relatively easily DOS'd just by asking for lots of
> What's the point in using any strong auth mech in a way that violates
> its RFC recommandations? Moreover, is it ok for any software having a
> _default_ configuration that acts against some RFCs?
Its not acting against or violating the RFC. The RFC specifies a SHOULD.
There is a supported configuration that agrees with the SHOULD even.
Its very important to keep in mind that the attack that is being defended
against here would be extraordinarily difficult to make use of in
practice, since the only benefit you'd see out of not having good entropy
is the "ability" to select the server's nonce by controlling the PNRG of
the server. So you could possibly precompute lookup tables based on the
selected nonce which would allow you to break the shared secret (and thus,
It is quite likely the case that there are easier attacks other parts of
the server beyond the authentication exchange that would allow you to
access the shared secret directly. Or its atleast spending the time to
look for them before trying to predict the PNRG output.
> Having said that, now I'll let this thread die, I promise. :-)
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus