Hi,
I am testing my application with the 1.0.1 beta and noticed the errors
generated are not very friendly when SRP credentials are incorrect. The
problem is that the error codes returned in no way indicate that the problem is
incorrect credentials. Instead I see errors about "bad record mac"
On 1/10/2012 11:38 AM, Peter Sylvester wrote:
an excerpt from rfc 5054 paragraph 3.3
If an attacker learns a user's SRP verifier (e.g., by gaining access
to a server's password file), the attacker can masquerade as the real
server to that user, and can also attempt a dictionary attack
an excerpt from rfc 5054 paragraph 3.3
If an attacker learns a user's SRP verifier (e.g., by gaining access
to a server's password file), the attacker can masquerade as the real
server to that user, and can also attempt a dictionary attack to
recover that user's password.
An atta
On 01/10/2012 04:52 AM, Norm Green wrote:
Hi,
I am testing my application with the 1.0.1 beta and noticed the errors generated are not
very friendly when SRP credentials are incorrect. The problem is that the error codes
returned in no way indicate that the problem is incorrect credentials.
Hi,
I am testing my application with the 1.0.1 beta and noticed the errors
generated are not very friendly when SRP credentials are incorrect. The
problem is that the error codes returned in no way indicate that the problem is
incorrect credentials. Instead I see errors about "bad record mac"
Dear Users,
I have released version 4.51 of stunnel.
The ChangeLog entry:
Version 4.51, 2012.01.09, urgency: MEDIUM:
* New features
- Updated Win32 binary distribution OpenSSL DLLs to version 0.9.8s-fips.
- Updated Android binary OpenSSL to version 1.0.0f.
- Zlib support added to Win32 a