Nico, you are correct, which is why I had stopped responding, but since you split it off I do have some final notes for David.
1) Digest auth in SASL does not have the challenge portion of DIGEST-MD5, which makes it significantly easier to decode. Admittedly, yes, it is technically encrypted, but it's so weak that any script kiddie can crack it in less than 10 seconds; therefore I do not consider it to be real encryption. Incidentally, DES and 3DES are also valid "encryption" algorithms there too.

2) base64 is mentioned, although not as an absolute requirement but more as a commonly used suggestion, in RFC 222 section 5.3 and RFC 4422 section 5.3.

3) base64 is mentioned as a requirement in RFC 2831 section 2.1.1, and in RFC 2617 all over the doc.

Now, what I was referring to when I mentioned salt was along the lines of RFC 5802, which last I checked wasn't implemented yet in Cyrus SASL, although I may be wrong. In that RFC there is a salted challenge response. It is talking about GSS-API, which you may think only means Kerberos V, but GSS-API supports more mechanisms than Kerberos V if you dig into it a little. The thing about GSS-API is it makes every mechanism it supports look like Kerberos, but it's simply a pluggable mechanism for verifying pre-shared secrets.

On Sat, Dec 22, 2012 at 12:02 AM, Nico Kadel-Garcia <[email protected]> wrote:
> On Fri, Dec 21, 2012 at 5:50 AM, David Sommerseth
> <[email protected]> wrote:
>> On 20/12/12 19:49, Paul Robert Marino wrote:
>>> It's base64 with DIGEST-MD5 hashing with no salt.
>>> If you don't believe me just decode it through any base64 tool and you
>>> will see the entire conversation.
>>> And if you still don't believe me read the RFC that describes SASL; it's
>>> very clearly explained and a relatively short read as RFCs go.
>>
>> I've read through RFC2831 [1] more times now, which describes the
>> DIGEST-MD5 protocol pretty well. And there are some details there,
>> which libvirt uses and which make it impossible to use any base64 tool
>> to extract the password, as you claim.
>
> Boys, I've changed the title? This is way off scope from my original
> question about virt-manager and sudo.
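As an added reference for the RFC 2831 DIGEST-MD5 computation the thread argues about, here is a Python implementation of the response-value, the server's rspauth, and the base64-wrapped three-message exchange, run on the worked values from RFC 2831 section 4. This is example code added to this page; it is not code from libvirt, Cyrus SASL, or any of the participants. The function names, the `sasl_exchange`/`decode_exchange`/`password_visible` helpers and the stored-hash `server_verify` shape are this example's own assumptions, not an API of any of those projects.

```python
"""RFC 2831 DIGEST-MD5 computation, wrapped in base64 the way SASL profiles
carry it. Added example for this thread: not code from libvirt, Cyrus SASL or
any participant. Challenge/response values are the worked example from RFC 2831
section 4; helper names and the exchange/decode shape are this example's own."""
import base64
import hashlib
import hmac


def _h(data: bytes) -> bytes:
    """H() in RFC 2831: raw 16-byte MD5 digest."""
    return hashlib.md5(data).digest()


def urp_hash(username: str, realm: str, password: str) -> bytes:
    """H(username:realm:passwd). RFC 2831 lets the server store this 16-byte
    value instead of the password; there is no random per-user salt in it,
    only the realm string."""
    return _h(f"{username}:{realm}:{password}".encode("utf-8"))


def _digest(urp: bytes, nonce: str, cnonce: str, nc: str, qop: str,
            digest_uri: str, a2_prefix: str, authzid: str = None) -> str:
    """Shared core of response-value and rspauth (RFC 2831 2.1.2.1 / 2.1.3):
    A1  = H(user:realm:pass) ":" nonce ":" cnonce [":" authzid]   (md5-sess)
    A2  = a2_prefix ":" digest-uri [":" 32 zeros for auth-int/auth-conf]
    out = HEX(KD(HEX(H(A1)), nonce ":" nc ":" cnonce ":" qop ":" HEX(H(A2))))
    with KD(k, s) = H(k ":" s)."""
    a1 = urp + f":{nonce}:{cnonce}".encode("utf-8")
    if authzid:
        a1 += f":{authzid}".encode("utf-8")
    a2 = f"{a2_prefix}:{digest_uri}"
    if qop in ("auth-int", "auth-conf"):
        a2 += ":" + "0" * 32
    ha1 = _h(a1).hex()
    ha2 = _h(a2.encode("utf-8")).hex()
    return _h(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode("utf-8")).hex()


def digest_md5_response(username, realm, password, nonce, cnonce, nc, qop,
                        digest_uri, authzid=None) -> str:
    """Client's response-value: A2 starts with 'AUTHENTICATE'."""
    return _digest(urp_hash(username, realm, password), nonce, cnonce, nc, qop,
                   digest_uri, "AUTHENTICATE", authzid)


def digest_md5_rspauth(username, realm, password, nonce, cnonce, nc, qop,
                       digest_uri, authzid=None) -> str:
    """Server's rspauth (its final message): same core, but A2 is ':' digest-uri."""
    return _digest(urp_hash(username, realm, password), nonce, cnonce, nc, qop,
                   digest_uri, "", authzid)


def server_verify(stored_urp: bytes, nonce, cnonce, nc, qop, digest_uri,
                  claimed_response: str, authzid=None) -> bool:
    """Server-side check that needs only the stored H(user:realm:pass)."""
    expected = _digest(stored_urp, nonce, cnonce, nc, qop, digest_uri,
                       "AUTHENTICATE", authzid)
    return hmac.compare_digest(expected, claimed_response)


# Worked values from RFC 2831 section 4 (username chris, password secret).
RFC2831_EXAMPLE = {
    "username": "chris", "realm": "elwood.innosoft.com", "password": "secret",
    "nonce": "OA6MG9tEQGm2hh", "cnonce": "OA6MHXh6VqTrRk", "nc": "00000001",
    "qop": "auth", "digest_uri": "imap/elwood.innosoft.com",
}


def _b64(text: str) -> str:
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def sasl_exchange(p: dict) -> dict:
    """The three SASL messages, base64-encoded as an outer protocol such as
    IMAP carries them (RFC 2831 2.1.1)."""
    args = (p["username"], p["realm"], p["password"], p["nonce"], p["cnonce"],
            p["nc"], p["qop"], p["digest_uri"])
    challenge = (f'realm="{p["realm"]}",nonce="{p["nonce"]}",qop="{p["qop"]}",'
                 'algorithm=md5-sess,charset=utf-8')
    response = (f'charset=utf-8,username="{p["username"]}",realm="{p["realm"]}",'
                f'nonce="{p["nonce"]}",nc={p["nc"]},cnonce="{p["cnonce"]}",'
                f'digest-uri="{p["digest_uri"]}",'
                f'response={digest_md5_response(*args)},qop={p["qop"]}')
    final = f"rspauth={digest_md5_rspauth(*args)}"
    return {"challenge": _b64(challenge), "response": _b64(response),
            "final": _b64(final)}


def decode_exchange(exchange: dict) -> dict:
    """What 'decode it through any base64 tool' yields: the key=value text."""
    return {k: base64.b64decode(v).decode("utf-8") for k, v in exchange.items()}


def password_visible(exchange: dict, password: str) -> bool:
    """True if the cleartext password appears anywhere in the decoded messages."""
    return any(password in text for text in decode_exchange(exchange).values())


if __name__ == "__main__":
    ex = sasl_exchange(RFC2831_EXAMPLE)
    for name, text in decode_exchange(ex).items():
        print(f"{name}: {text}")
    print("password visible after base64 decode:",
          password_visible(ex, RFC2831_EXAMPLE["password"]))
```

Running it prints the decoded challenge, response and rspauth lines exactly as RFC 2831 section 4 lists them. `server_verify` is written to take the stored `urp_hash` rather than the password, which is the storage form RFC 2831 describes for the server; the verifier needs that unsalted hash (plus the nonces from the exchange), and that is the value an offline guess would be tested against.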
