Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
gnutls_srp_set_server_fake_salt_seedgnugnutls_srp_set_server_fake_salt_seed(3)

NAME
       gnutls_srp_set_server_fake_salt_seed - API function

SYNOPSIS
       #include	<gnutls/gnutls.h>

       void	gnutls_srp_set_server_fake_salt_seed(gnutls_srp_server_creden-
       tials_t cred, const gnutls_datum_t * seed, unsigned int salt_length);

ARGUMENTS
       gnutls_srp_server_credentials_t cred
		   is a	gnutls_srp_server_credentials_t	type

       const gnutls_datum_t * seed
		   is the seed data, only needs	to be valid until the function
		   returns; size of the	seed must be greater than zero

       unsigned	int salt_length
		   is the length of the	generated fake salts

DESCRIPTION
       This  function sets the seed that is used to generate salts for invalid
       (non-existent) usernames.

       In order	to prevent attackers from guessing  valid  usernames,  when  a
       user does not exist gnutls generates a salt and a verifier and proceeds
       with the	protocol as usual.  The	authentication will  ultimately	 fail,
       but  the	 client	 cannot	tell whether the username is valid (exists) or
       invalid.

       If an attacker learns the seed, given a salt  (which  is	 part  of  the
       handshake)  which  was  generated when the seed was in use, it can tell
       whether or not the authentication failed	because	of  an	unknown	 user-
       name.   This  seed  cannot  be used to reveal application data or pass-
       words.

	salt_length should represent the salt length  your  application	 uses.
       Generating fake salts longer than 20 bytes is not supported.

       By  default  the	 seed  is  a  random  value,  different	 each  time  a
       gnutls_srp_server_credentials_t is allocated  and  fake	salts  are  16
       bytes long.

SINCE
       3.3.0

REPORTING BUGS
       Report bugs to <bugs@gnutls.org>.
       Home page: https://www.gnutls.org

COPYRIGHT
       Copyright (C) 2001- Free	Software Foundation, Inc., and others.
       Copying	and  distribution  of this file, with or without modification,
       are permitted in	any medium without royalty provided the	copyright  no-
       tice and	this notice are	preserved.

SEE ALSO
       The  full  documentation	 for gnutls is maintained as a Texinfo manual.
       If the /usr/local/share/doc/gnutls/ directory does not contain the HTML
       form visit

       https://www.gnutls.org/manual/

gnutls				    3.6gnutls_srp_set_server_fake_salt_seed(3)

NAME | SYNOPSIS | ARGUMENTS | DESCRIPTION | SINCE | REPORTING BUGS | COPYRIGHT | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=gnutls_srp_set_server_fake_salt_seed&sektion=3&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help