Hi,
I am testing my application with the 1.0.1 beta and noticed the errors
generated are not very friendly when SRP credentials are incorrect. The
problem is that the error codes returned in no way indicate that the problem is
incorrect credentials. Instead I see errors about bad record mac

On 01/10/2012 04:52 AM, Norm Green wrote:
> Hi,
> I am testing my application with the 1.0.1 beta and noticed the errors generated are not
> very friendly when SRP credentials are incorrect. The problem is that the error codes
> returned in no way indicate that the problem is incorrect credentials.

An excerpt from RFC 5054, paragraph 3.3:

    If an attacker learns a user's SRP verifier (e.g., by gaining access
    to a server's password file), the attacker can masquerade as the real
    server to that user, and can also attempt a dictionary attack to
    recover that user's password.

An

On 1/10/2012 11:38 AM, Peter Sylvester wrote:
> An excerpt from RFC 5054, paragraph 3.3:
>
>     If an attacker learns a user's SRP verifier (e.g., by gaining access
>     to a server's password file), the attacker can masquerade as the real
>     server to that user, and can also attempt a dictionary attack