Be careful: if you set the ClientAuth to Srp,Srp256 and the ServerAuth is Srp256,Srp, then you will always use SHA-1 to generate the client proof and you get no benefit from the patch.

Ideally the client is Srp256 only, with Srp256,Srp to allow for compatibility with older Firebird 3 servers only.

Tony Whyman

MWA


On 21/06/18 15:15, Mark Rotteveel wrote:
> On 21-6-2018 15:57, Alex Peshkoff via Firebird-devel wrote:
>> On 21.06.2018 16:36, Mark Rotteveel wrote:
>>> That is, everything continues to use SHA-1, except the generating of M itself.
>>
>> As far as I can see - yes.
>> The only detail is that you need to support both cases depending upon the plugin name.
>
> Yes, I think I'll modify the SrpClient class to accept the relevant hash algorithm name. Now I only need to decide how I'm going to order the auth. Srp256, Srp is more secure, but Srp, Srp256 is probably faster when connecting to current Firebird 3 versions.
>
> Maybe it is time I introduce a connection property for that.
>
> Mark
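
The ordering pitfall from the first message, as an added example (not code from the thread or from the Firebird project): it audits a client/server plugin pairing and flags the case where SHA-1 is used for the proof although both sides offer Srp256. It assumes the firebird.conf key names `AuthClient` and `AuthServer` (the message calls them ClientAuth and ServerAuth) and models negotiation as "first plugin in client order that the server accepts", as the message describes; the function names and sample settings are constructed.

```python
import re

# Hash used for the client proof M per plugin, as discussed in the thread.
PROOF_HASH = {"srp256": "SHA-256", "srp": "SHA-1"}

def parse_plugins(conf_text, key):
    """Return the ordered plugin list for `key` from firebird.conf-style text."""
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(rf"{re.escape(key)}\s*=\s*(.+)$", line, re.IGNORECASE)
        if m:
            return [p for p in re.split(r"[,\s;]+", m.group(1).strip()) if p]
    return []

def negotiate(client, server):
    """Assumed model: the first plugin in client order that the server accepts."""
    accepted = {p.lower() for p in server}
    return next((p for p in client if p.lower() in accepted), None)

def audit(client_conf, server_conf):
    """Report the plugin that would be chosen and whether it is an avoidable downgrade."""
    client = parse_plugins(client_conf, "AuthClient")
    server = parse_plugins(server_conf, "AuthServer")
    chosen = negotiate(client, server)
    both_256 = all("srp256" in {p.lower() for p in side} for side in (client, server))
    return {
        "chosen": chosen,
        "proof_hash": PROOF_HASH.get(chosen.lower()) if chosen else None,
        # Downgrade: both ends could do Srp256, yet the ordering selects plain Srp.
        "downgraded": both_256 and chosen is not None and chosen.lower() != "srp256",
    }

# Constructed sample settings (not taken from any real installation).
CLIENT_SRP_FIRST = "AuthClient = Srp, Srp256   # ordering warned about above"
CLIENT_256_FIRST = "AuthClient = Srp256, Srp"
SERVER_PATCHED = "AuthServer = Srp256, Srp"
SERVER_OLD_FB3 = "AuthServer = Srp"

if __name__ == "__main__":
    for c, s in [(CLIENT_SRP_FIRST, SERVER_PATCHED),
                 (CLIENT_256_FIRST, SERVER_PATCHED),
                 (CLIENT_256_FIRST, SERVER_OLD_FB3)]:
        print(audit(c, s))
```

The third pairing shows the compatibility case: falling back to Srp against an older server is reported as SHA-1 but not as a downgrade, because the server offers nothing better.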

