> -Original Message-
> From: open-iscsi@googlegroups.com [mailto:open-is...@googlegroups.com]
> On Behalf Of Ulrich Windl
> Sent: Friday, December 18, 2009 3:24 PM
> To: open-iscsi@googlegroups.com
> Subject: RE: minimum password length check
>
> On 18 D
csi@googlegroups.com
> > Subject: Re: minimum password length check
> >
> > On 15 Dec 2009 at 22:47, shyam_i...@dell.com wrote:
> >
> > > From the spec:
> > > "
> > >CHAP secrets MUST be an integral number of bytes (octets). A
> > >
> -Original Message-
> From: open-iscsi@googlegroups.com [mailto:open-is...@googlegroups.com]
> On Behalf Of Ulrich Windl
> Sent: Wednesday, December 16, 2009 1:08 PM
> To: open-iscsi@googlegroups.com
> Subject: Re: minimum password length check
>
> On 15 De
s.com
> > Subject: RE: minimum password length check
> >
> > On 17 Dec 2009 at 0:55, shyam_i...@dell.com wrote:
> >
> > > Essentially what you are saying is that we haven't implemented the
> > > secret's bit randomness calculation to check if ha
> -Original Message-
> From: open-iscsi@googlegroups.com [mailto:open-is...@googlegroups.com]
> On Behalf Of Ulrich Windl
> Sent: Thursday, December 17, 2009 1:27 PM
> To: open-iscsi@googlegroups.com
> Subject: RE: minimum password length check
>
> On 17 D
On 17 Dec 2009 at 0:55, shyam_i...@dell.com wrote:
> Essentially what you are saying is that we haven't implemented the
> secret's bit randomness calculation to check if has atleast 96bits of
> entropy.
>
No, I just wanted to point out that the quality of a secret key cannot simply
be
measured
shyam_i...@dell.com wrote:
> So I guess we should do some thing like this
>
>
> If (check_96bit_entropy() && secret < AUTH_MAX_STR_LEN) {
> Use_secret
> }
> else {
> Secret not strong enough ..throw error...
> }
>
We do not check. The only problem would be if we added one
> -Original Message-
> From: open-iscsi@googlegroups.com [mailto:open-is...@googlegroups.com]
> On Behalf Of Ulrich Windl
> Sent: Wednesday, December 16, 2009 1:08 PM
> To: open-iscsi@googlegroups.com
> Subject: Re: minimum password length check
>
> On 15 De
On 15 Dec 2009 at 22:47, shyam_i...@dell.com wrote:
> From the spec:
> "
>CHAP secrets MUST be an integral number of bytes (octets). A
>compliant implementation SHOULD NOT continue with the login step in
>which it should send a CHAP response (CHAP_R, Section 11.1.4
>Challenge Hands