RE: minimum password length check

2009-12-17 Thread Shyam_Iyer
 -Original Message-
 From: open-iscsi@googlegroups.com [mailto:open-is...@googlegroups.com]
 On Behalf Of Ulrich Windl
 Sent: Thursday, December 17, 2009 1:27 PM
 To: open-iscsi@googlegroups.com
 Subject: RE: minimum password length check
 
 On 17 Dec 2009 at 0:55, shyam_i...@dell.com wrote:
 
  Essentially what you are saying is that we haven't implemented the
  secret's bit randomness calculation to check if it has at least 96 bits
  of entropy.
 
 
 No, I just wanted to point out that the quality of a secret key cannot
 simply be measured with strlen(password), and that 96 bits of randomness
 may require a longer string than one might initially have guessed.
 

Right I get you right then.. 

Don't want to rework on getting the entropy of the secret. Do you mind
open-sourcing it so we could do the checks as I detailed in the previous
mail?

Thanks,
Shyam

--

You received this message because you are subscribed to the Google Groups 
open-iscsi group.
To post to this group, send email to open-is...@googlegroups.com.
To unsubscribe from this group, send email to 
open-iscsi+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/open-iscsi?hl=en.
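
The estimate this thread is about, as an added example (it is not Ulrich's Perl program and not open-iscsi code; all function names are hypothetical). It assumes every character of the secret was drawn uniformly and independently from the union of the character classes present, so the result is an upper bound on the entropy, and it reproduces the roughly 92-bit and 95-bit figures quoted elsewhere in the thread.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#define CHAP_MIN_BITS 96.0  /* threshold from the spec text quoted in this thread */

/* log2(x) for x >= 1 by repeated squaring, so no libm is needed. */
static double log2_ge1(double x)
{
    double r = 0.0, frac = 0.5;
    while (x >= 2.0) { x /= 2.0; r += 1.0; }
    for (int i = 0; i < 40; i++) {          /* x is now in [1, 2) */
        x *= x;
        if (x >= 2.0) { x /= 2.0; r += frac; }
        frac /= 2.0;
    }
    return r;
}

/* Alphabet size implied by the ASCII character classes present in s. */
unsigned alphabet_size(const char *s)
{
    unsigned lo = 0, up = 0, dg = 0, pu = 0;
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (islower(c)) lo = 1;
        else if (isupper(c)) up = 1;
        else if (isdigit(c)) dg = 1;
        else if (ispunct(c)) pu = 1;
    }
    return 26u * lo + 26u * up + 10u * dg + 32u * pu;
}

/* Assumption: uniform, independent characters. Bits = length * log2(alphabet). */
double entropy_upper_bound(const char *s)
{
    unsigned n = alphabet_size(s);
    return n ? (double)strlen(s) * log2_ge1((double)n) : 0.0;
}

/* Shortest random secret over `alphabet` symbols that reaches `bits`. */
size_t min_length_for(unsigned alphabet, double bits)
{
    double per_char = alphabet < 2 ? 0.0 : log2_ge1((double)alphabet);
    size_t len = 0;
    while (per_char > 0.0 && (double)len * per_char < bits) len++;
    return len;
}
/* A check that strlen() alone cannot express: same length, different result. */
int meets_chap_minimum(const char *s) { return entropy_upper_bound(s) >= CHAP_MIN_BITS; }
```

Because the figure is an upper bound, the check can only reject: a run of 21 identical lowercase letters also scores above 96 bits, so the secret itself still has to come from a random generator.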




RE: minimum password length check

2009-12-17 Thread Ulrich Windl
On 17 Dec 2009 at 16:08, shyam_i...@dell.com wrote:

  -Original Message-
  From: open-iscsi@googlegroups.com [mailto:open-is...@googlegroups.com]
  On Behalf Of Ulrich Windl
  Sent: Thursday, December 17, 2009 1:27 PM
  To: open-iscsi@googlegroups.com
  Subject: RE: minimum password length check
  
  On 17 Dec 2009 at 0:55, shyam_i...@dell.com wrote:
  
   Essentially what you are saying is that we haven't implemented the
   secret's bit randomness calculation to check if it has at least 96 bits
   of entropy.
  
  
  No, I just wanted to point out that the quality of a secret key cannot
  simply be measured with strlen(password), and that 96 bits of randomness
  may require a longer string than one might initially have guessed.
  
 
 Right I get you right then.. 
 
 Don't want to rework on getting the entropy of the secret. Do you mind
 open-sourcing it so we could do the checks as I detailed in the previous
 mail?

I don't have the code you are looking for, because what I have is Perl, and it
does _create_ random secrets following a pattern, optionally outputting the
estimated bits of randomness. Originally written to create similar, but
different, not very obvious root passwords for a set of similar machines.
Something completely different...

Regards,
Ulrich





RE: minimum password length check

2009-12-17 Thread Shyam_Iyer


 -Original Message-
 From: open-iscsi@googlegroups.com [mailto:open-is...@googlegroups.com]
 On Behalf Of Ulrich Windl
 Sent: Wednesday, December 16, 2009 1:08 PM
 To: open-iscsi@googlegroups.com
 Subject: Re: minimum password length check
 
 On 15 Dec 2009 at 22:47, shyam_i...@dell.com wrote:
 
  From the spec:
  
  CHAP secrets MUST be an integral number of bytes (octets). A
  compliant implementation SHOULD NOT continue with the login step in
  which it should send a CHAP response (CHAP_R, Section 11.1.4
  Challenge Handshake Authentication Protocol (CHAP)) unless it can
  verify that the CHAP secret is at least 96 bits, or that IPsec
  encryption is being used to protect the connection.
  
 
 You picked up an interesting issue: The Microsoft Initiator limits the
 length of the secret to 16 characters (AFAIR). I wrote a little program
 that generates random secrets and estimated the entropy (i.e. number of
 bits):
 
 With 16 random letters, you are at about 92 bits (e.g. mMPuhxfKAYuIFTjZ)
 With 16 random letters with digits you are at about 95 bits (e.g.
 b3v4B8mRoiFWjpF9)
 

What algorithm are you using to arrive at this ...

Googling (and some of my information theory lit..) almost always hints me
to Shannon's theorem to find the randomness of a character string ...

Check this
http://www.redkestrel.co.uk/Articles/RandomPasswordStrength.html








RE: [Open-FCoE] [fcoemon PATCH v2 00/11] rfcoemon restructuring

2009-12-17 Thread Shyam_Iyer


 -Original Message-
 From: devel-boun...@open-fcoe.org [mailto:devel-boun...@open-fcoe.org]
 On Behalf Of Mike Christie
 Sent: Thursday, December 17, 2009 9:05 AM
 To: open-iscsi@googlegroups.com
 Cc: eric.w.multa...@intel.com; de...@open-fcoe.org
 Subject: Re: [Open-FCoE] [fcoemon PATCH v2 00/11] rfcoemon
 restructuring
 
 shyam_i...@dell.com wrote:
  Shouldn't the requirement to administer DCB be FCoE independent? After
  all DCB is required for other protocols like iscsi as well.
 
 
 It is not required for iscsi. I think people are thinking it is going to
 be useful for iscsi though.

Uh Ok.. I meant DCB would be useful for both FCoE and iSCSI. On the
other hand it is a requirement for FCoE.
