SCIENTIFIC-LINUX-USERS Archives

December 2012

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Paul Robert Marino <[log in to unmask]>
Date: Mon, 24 Dec 2012 12:38:48 -0500

Nico,
you are correct, which is why I had stopped responding, but since you
split it off I do have some final notes for David.

1) Digest auth in SASL does not have the challenge portion of
DIGEST-MD5, which makes it significantly easier to decode. Admittedly,
yes, it is technically encrypted, but it's so weak that any script kiddie
can crack it in less than 10 seconds, therefore I do not consider it to
be real encryption; incidentally, DES and 3DES are also valid
"encryption" algorithms there too.
2) base64 is mentioned, although not as an absolute requirement but
more of a commonly used suggestion, in RFC 222 section 5.3 and RFC 4422
section 5.3.
3) base64 is mentioned as a requirement in RFC 2831 section 2.1.1,
and RFC 2617 all over the doc.

Now what I was referring to when I mentioned salt was along the lines
of RFC 5802, which last I checked wasn't implemented yet in Cyrus SASL,
although I may be wrong. In that RFC there is a salted challenge
response. It is talking about GSS-API, which you may think only means
Kerberos V, but GSS-API supports more mechanisms than Kerberos V if you dig
into it a little. The thing about GSS-API is it makes every mechanism
it supports look like Kerberos, but it's simply a pluggable mechanism for
verifying pre-shared secrets.

On Sat, Dec 22, 2012 at 12:02 AM, Nico Kadel-Garcia <[log in to unmask]> wrote:
> On Fri, Dec 21, 2012 at 5:50 AM, David Sommerseth
> <[log in to unmask]> wrote:
>> On 20/12/12 19:49, Paul Robert Marino wrote:
>>> It's base64 with DIGEST-MD5 hashing with no salt.
>>> If you don't believe me just decode it through any base64 tool and you
>>> will see the entire conversation.
>>> And if you still don't believe me read the RFC that describes SASL; it's
>>> very clearly explained and a relatively short read as RFCs go.
>>
>> I've read through RFC2831 [1] more times now, which describes the
>> DIGEST-MD5 protocol pretty well.  And there are some details there,
>> which libvirt uses and which make it impossible to use any base64 tool
>> to extract the password, as you claim.
>
> Boys, I've changed the title? This is way off scope from my original
> question about virt-manager and sudo.
