gnutls_srp_set_server_fake_salt_seed(3)    gnutls    gnutls_srp_set_server_fake_salt_seed(3)

NAME

       gnutls_srp_set_server_fake_salt_seed - API function

SYNOPSIS

       #include <gnutls/gnutls.h>

       void gnutls_srp_set_server_fake_salt_seed(gnutls_srp_server_credentials_t cred,
                                                 const gnutls_datum_t * seed,
                                                 unsigned int salt_length);

ARGUMENTS

       gnutls_srp_server_credentials_t cred
                   is a gnutls_srp_server_credentials_t type

       const gnutls_datum_t * seed
                   is the seed data, only needs to be valid until the function
                   returns; size of the seed must be greater than zero

       unsigned int salt_length
                   is the length of the generated fake salts

DESCRIPTION

       This function sets the seed that is used to generate salts for invalid
       (non-existent) usernames.

       In order to prevent attackers from guessing valid usernames, when a
       user does not exist gnutls generates a salt and a verifier and proceeds
       with the protocol as usual. The authentication will ultimately fail,
       but the client cannot tell whether the username is valid (exists) or
       invalid.

       If an attacker learns the seed, given a salt (which is part of the
       handshake) which was generated when the seed was in use, it can tell
       whether or not the authentication failed because of an unknown
       username. This seed cannot be used to reveal application data or
       passwords.

       salt_length should represent the salt length your application uses.
       Generating fake salts longer than 20 bytes is not supported.

       By default the seed is a random value, different each time a
       gnutls_srp_server_credentials_t is allocated and fake salts are 16
       bytes long.
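       Because the default seed changes each time the credentials are
       allocated, a server that wants its fake salts to stay the same across
       restarts has to supply its own seed and keep it secret. The following
       is an added example, not part of the GnuTLS documentation or code: it
       keeps a seed in a file readable only by its owner and passes it to
       the function. SEED_LEN, FAKE_SALT_LEN, the WITH_GNUTLS build macro,
       the seed path and both helper names are assumptions.

```c
/* Added example, not GnuTLS code; macro and helper names are assumptions. */
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#ifdef WITH_GNUTLS              /* build: cc -DWITH_GNUTLS file.c -lgnutls */
#include <gnutls/gnutls.h>
#endif
#define SEED_LEN 32             /* assumed size; the API only requires > 0 */
#define FAKE_SALT_LEN 16        /* match your real salts; 20 is the maximum */

static int read_full(int fd, unsigned char *buf, size_t len)
{
    for (size_t off = 0; off < len; ) {
        ssize_t n = read(fd, buf + off, len - off);
        if (n <= 0) return -1;  /* I/O error or file shorter than len */
        off += (size_t)n;
    }
    return 0;
}

/* Load the seed from path; on first run create it (mode 0600) from
 * /dev/urandom. A seed file readable by group or others is rejected. */
int load_or_create_seed(const char *path, unsigned char seed[SEED_LEN])
{
    struct stat st;
    int rc, fd = open(path, O_RDONLY);
    if (fd >= 0) {
        rc = (fstat(fd, &st) == 0 && (st.st_mode & 077) == 0) ? read_full(fd, seed, SEED_LEN) : -1;
        close(fd);
        return rc;
    }
    if ((fd = open("/dev/urandom", O_RDONLY)) < 0) return -1;
    rc = read_full(fd, seed, SEED_LEN);
    close(fd);
    if (rc != 0) return -1;
    if ((fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600)) < 0) return -1;
    rc = (write(fd, seed, SEED_LEN) == SEED_LEN) ? 0 : -1;
    close(fd);
    return rc;
}
#ifdef WITH_GNUTLS
/* The seed only has to stay valid until the call returns: stack is fine. */
int install_fake_salt_seed(gnutls_srp_server_credentials_t cred, const char *path)
{
    unsigned char seed[SEED_LEN];
    if (load_or_create_seed(path, seed) != 0) return -1;
    gnutls_datum_t d = { seed, SEED_LEN };
    gnutls_srp_set_server_fake_salt_seed(cred, &d, FAKE_SALT_LEN);
    return 0;
}
#endif
```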

SINCE

       3.3.0

REPORTING BUGS

       Report bugs to <bugs@gnutls.org>.
       Home page: https://www.gnutls.org

COPYRIGHT

       Copyright © 2001- Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without modification,
       are permitted in any medium without royalty provided the copyright
       notice and this notice are preserved.

SEE ALSO

       The full documentation for gnutls is maintained as a Texinfo manual.
       If the /usr/share/doc/gnutls/ directory does not contain the HTML form
       visit

       https://www.gnutls.org/manual/

gnutls                               3.7.2    gnutls_srp_set_server_fake_salt_seed(3)