This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
Security Strength Factor
Security Strength Factor

Version management

Difference between version and

At line 1 added 36 lines
!!! Overview
[{$pagename}] ([SSF]) appears to be a broadly interpreted value within some [SASL] implementations.
[We|ContactUs] can find No definition has been found in any [RFC].
!! [Oracle][1]
[SSF], the [{$pagename}], indicates the strength of the [SASL] protection. If the mechanism supports a security layer, the client and server negotiate the [SSF]. The value of the [SSF] is based on the security properties that were specified before the [SASL] negotiation. If a non-zero [SSF] is negotiated, both client and server need to use the mechanism's security layer when the authentication has completed.
SSF is represented by an integer with one of the following values:
* 0 – No protection.
* 1 – Integrity checking only.
* >1 – Supports authentication, integrity and confidentiality. The number represents the encryption key length.
The [confidentiality] and [integrity] operations are performed by the security mechanism. libsasl coordinates these requests.
!! [OpenLDAP][2]
[OpenLDAP] has multiple SSFs. For each session, there is one for [SASL], one for [TLS], etc., and an overall session [SSF] (the greatest [SSF] of any particular layer).
From slapd.conf(5): an integer approximate to effective key length used for encryption.
* 0 (zero) implies no protection,
* 1 implies integrity protection only,
* 56 allows [DES] or other weak ciphers,
* 112 allows [triple DES] and other strong ciphers,
* 128 allows [RC4], [Blowfish] and other modern strong ciphers.
[SASL]/EXTERNAL, itself, provides no security layers.There may be protections provided by lower layers (like [TLS]) and, if so, these are reflected in [SSF] associated with the particular layer providing the protection as well as the overall [SSF].[2]
!! [389 Directory Server][3]
[389 Directory Server] allows setting Minimum SSF Usage within [ACIs], but the calculation of [{$pagename}] was not shown.
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [SASL Security Strength Factor|https://docs.oracle.com/cd/E23824_01/html/819-2145/sasl.intro.20.html|target='_blank'] - based on information obtained 2016-09-05
* [#2] - [Re: Security Strength Factor|http://www.openldap.org/lists/openldap-software/200212/msg00380.html|target='_blank'] - based on information obtained 2016-09-05
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop