RE: minimum password length check

2009-12-18 Thread Shyam_Iyer
> -Original Message- > From: open-iscsi@googlegroups.com [mailto:open-is...@googlegroups.com] > On Behalf Of Ulrich Windl > Sent: Friday, December 18, 2009 3:24 PM > To: open-iscsi@googlegroups.com > Subject: RE: minimum password length check > > On 18 D

RE: minimum password length check

2009-12-18 Thread Ulrich Windl
csi@googlegroups.com > > Subject: Re: minimum password length check > > > > On 15 Dec 2009 at 22:47, shyam_i...@dell.com wrote: > > > > > From the spec: > > > " > > >CHAP secrets MUST be an integral number of bytes (octets). A > > >

RE: minimum password length check

2009-12-17 Thread Shyam_Iyer
> -Original Message- > From: open-iscsi@googlegroups.com [mailto:open-is...@googlegroups.com] > On Behalf Of Ulrich Windl > Sent: Wednesday, December 16, 2009 1:08 PM > To: open-iscsi@googlegroups.com > Subject: Re: minimum password length check > > On 15 De

RE: minimum password length check

2009-12-17 Thread Ulrich Windl
s.com > > Subject: RE: minimum password length check > > > > On 17 Dec 2009 at 0:55, shyam_i...@dell.com wrote: > > > > > Essentially what you are saying is that we haven't implemented the > > > secret's bit randomness calculation to check if ha

RE: minimum password length check

2009-12-17 Thread Shyam_Iyer
> -Original Message- > From: open-iscsi@googlegroups.com [mailto:open-is...@googlegroups.com] > On Behalf Of Ulrich Windl > Sent: Thursday, December 17, 2009 1:27 PM > To: open-iscsi@googlegroups.com > Subject: RE: minimum password length check > > On 17 D

RE: minimum password length check

2009-12-16 Thread Ulrich Windl
On 17 Dec 2009 at 0:55, shyam_i...@dell.com wrote: > Essentially what you are saying is that we haven't implemented the > secret's bit randomness calculation to check if has atleast 96bits of > entropy. > No, I just wanted to point out that the quality of a secret key cannot simply be measured

Re: minimum password length check

2009-12-16 Thread Mike Christie
shyam_i...@dell.com wrote: > So I guess we should do some thing like this > > > If (check_96bit_entropy() && secret < AUTH_MAX_STR_LEN) { > Use_secret > } > else { > Secret not strong enough ..throw error... > } > We do not check. The only problem would be if we added one

RE: minimum password length check

2009-12-16 Thread Shyam_Iyer
> -Original Message- > From: open-iscsi@googlegroups.com [mailto:open-is...@googlegroups.com] > On Behalf Of Ulrich Windl > Sent: Wednesday, December 16, 2009 1:08 PM > To: open-iscsi@googlegroups.com > Subject: Re: minimum password length check > > On 15 De

Re: minimum password length check

2009-12-15 Thread Ulrich Windl
On 15 Dec 2009 at 22:47, shyam_i...@dell.com wrote: > From the spec: > " >CHAP secrets MUST be an integral number of bytes (octets). A >compliant implementation SHOULD NOT continue with the login step in >which it should send a CHAP response (CHAP_R, Section 11.1.4 >Challenge Hands