On 25-6-2018 12:26, Dimitry Sibiryakov wrote:
25.06.2018 12:22, Alex Peshkoff via Firebird-devel wrote:
This attack does not depend on plugin name knowledge.
If one is using legacy plugin no need to try >8 chars passwords.
This is prevented by timeout after 3 unsuccessful logins. You
On 25-6-2018 10:35, Alex Peshkoff via Firebird-devel wrote:
On 25.06.2018 10:47, Mark Rotteveel wrote:
On 2018-06-24 20:49, Alex Peshkoff via Firebird-devel wrote:
Because it's bad idea to open to client (specially not authenticated)
details of problems with authentication.
I agree with that
25.06.2018 12:29, Tony Whyman wrote:
There is nothing theoretical about brute force attacks. They always work, the only issue
how long they take.
Look at my answer to Alex. This is topic about replacing error "shit happen" with
something useful for diagnostic.
--
WBR, SD.
On 25/06/18 11:17, Dimitry Sibiryakov wrote:
25.06.2018 11:29, Tony Whyman wrote:
Even if it were still computationally infeasible to break Srp today,
it is probably that in the next few years it will be totally broken.
You missed my words "non-theoretical".
There is nothing theoretical
On 25-6-2018 10:32, Alex Peshkoff via Firebird-devel wrote:
On 25.06.2018 10:51, Mark Rotteveel wrote:
On 2018-06-24 20:51, Alex Peshkoff via Firebird-devel wrote:
Because it's as designed. What problems with it?
Having to construct the config string is awkward, especially when you
already
On 25.06.2018 13:17, Dimitry Sibiryakov wrote:
25.06.2018 11:14, Alex Peshkoff via Firebird-devel wrote:
Bruteforce passwords over the wire. We are still missing any
passwords regulation (like min.length, UP/low letters, etc.) i.e.
people can use passwords like 'pass' and such things can be
25.06.2018 11:14, Alex Peshkoff via Firebird-devel wrote:
Bruteforce passwords over the wire. We are still missing any passwords regulation (like
min.length, UP/low letters, etc.) i.e. people can use passwords like 'pass' and such
things can be bruteforced.
This attack does not depend on
25.06.2018 11:29, Tony Whyman wrote:
Even if it were still computationally infeasible to break Srp today, it is probably that
in the next few years it will be totally broken.
You missed my words "non-theoretical".
--
WBR, SD.
On 25/06/18 10:14, Alex Peshkoff via Firebird-devel wrote:
On 25.06.2018 12:02, Dimitry Sibiryakov wrote:
25.06.2018 10:35, Alex Peshkoff via Firebird-devel wrote:
Afraid you are wrong here. It helps an attacker to detect what
plugin is actually used by server (for example - srp or srp256)
On 25/06/18 10:02, Dimitry Sibiryakov wrote:
25.06.2018 10:35, Alex Peshkoff via Firebird-devel wrote:
Afraid you are wrong here. It helps an attacker to detect what plugin
is actually used by server (for example - srp or srp256) and use that
info to attack particular plugin later.
Does
On 25.06.2018 12:02, Dimitry Sibiryakov wrote:
25.06.2018 10:35, Alex Peshkoff via Firebird-devel wrote:
Afraid you are wrong here. It helps an attacker to detect what plugin
is actually used by server (for example - srp or srp256) and use that
info to attack particular plugin later.
Does
On 25.06.2018 10:47, Mark Rotteveel wrote:
On 2018-06-24 20:49, Alex Peshkoff via Firebird-devel wrote:
On 23.06.2018 17:06, Mark Rotteveel wrote:
Why is an authentication plugin mismatch (as in the list of plugins
between client and server have no overlap) not clearly communicated
to the
On 25.06.2018 10:51, Mark Rotteveel wrote:
On 2018-06-24 20:51, Alex Peshkoff via Firebird-devel wrote:
On 23.06.2018 19:05, Mark Rotteveel wrote:
When using the native fbclient, why can't I use
isc_dpb_auth_plugin_list/isc_spb_auth_plugin_list to pass the
authentication plugins to try, and
On 2018-06-24 20:51, Alex Peshkoff via Firebird-devel wrote:
On 23.06.2018 19:05, Mark Rotteveel wrote:
When using the native fbclient, why can't I use
isc_dpb_auth_plugin_list/isc_spb_auth_plugin_list to pass the
authentication plugins to try, and why do I need to use the
On 2018-06-24 20:49, Alex Peshkoff via Firebird-devel wrote:
On 23.06.2018 17:06, Mark Rotteveel wrote:
Why is an authentication plugin mismatch (as in the list of plugins
between client and server have no overlap) not clearly communicated to
the client?
For example if I have AuthServer =
Adriano dos Santos Fernandes wrote Sun, 24 Jun 2018
21:09:21 +0300:
Not touching the algorithm AUTOTERM. This functionality would be useful.
Moreover, some IDEs for Firebird successfully solve this problem, for
example IB Expert. Although perhaps this is not cheap.
--
Simonov Denis
16 matches
Mail list logo