Blog

Categories:
8. 2. 2025
Security Cryptography
SASL analysis, part five

SASL Analysis, Part Five

Previous episodes have been devoted mainly to technical analysis and description of the algorithms used. The above algorithms have a large number of bottlenecks, which creates an interesting situation when it is necessary to choose the required algorithms. Because there is no perfect solution, the algorithms in this article are divided into groups with similar problems. Thanks to this, it is possible to get an idea of the whole situation and possibly make a decision based on the current situation.

Why are authentication algorithms so important?

The basic part of access to information is the authentication of the applicant. The applicant is reported to the system at the beginning, he identifies himself. In order to assign any permissions to the user, the system must verify him or her, i.e. check the validity of his or her identity. It is for this reason that authentication is a critical point in access to data, it must ensure the highest possible accuracy. Only after authentication is it possible to assign rights to the users, giving them the possibility to access the selected information.
Apart from the assumption for assigning permissions, authentication supports other properties. First, it is one of the forms of authenticity (authenticity, originality of data), which is related to a specific user. This proof of authenticity is provided by the system only in its area of competence. A general proof of authenticity can be a digital signature. Second similar property is non-repudiation, i.e. proof of the user's inseparable connection with specific data or activity.

Algorithm Problems

The previous four parts of the authentication mechanism analysis were intended to acquaint those interested with the technologies used in each algorithm. The reason is the need to provide adequate data for authentication by any reader interested in cryptography. Currently, there is a large increase in the number of attacks and also a significant increase in their quality. Current authentication algorithms are not able to adapt to this situation, they are practically past their zenith and substitutes are not available. Although the above mentioned mechanisms are at the basis of authentication. All problems found can be summarized in the following points:
- no cryptoprimitives.
- obsolete cryptoprimitives or obsolete methods of using the above cryptoprimitives.
- no or low resistance to attacks with the help of quantum computers.
- authentication mechanisms do not meet the conditions to protect the transferred data from repetition, redirection, hijacking of connections or falsification of communications, or they do not support forward secrecy (a communication captured in the past allows to derive the transferred information in the future).
- the authentication mechanism does not provide full protection of the transferred data and a link to other communications.
- the authentication check is performed by a logical barrier (condition), when compliance with the condition can be achieved by modifying the executed code.

Methods without cryptography

Authentication methods that do not use any methods of protection with cryptography cannot be considered safe. This is a necessary condition, but not sufficient, as will be stated below. Among the above mentioned algorithms it is possible to include:
- ANONYMOUS (there is no authentication).
- LOGIN.
- PLAIN (data transmitted as a Base64 coded string, there is no protection).
- OAUTH, OAUTH10A, XOAUTH (only for HTTP Basic Authentication).
- OAUTH2, OAUTHBEARER, OPENID2 (only for HTTP Basic Authentication).
- SAML (only for logging against SQL/NoSQL systems with web interface and HTTP Basic Authentication, for other systems supporting the PLAIN and LOGIN methods).
All the above methods require the use of transport encryption (SSL/TLS) and the enforcement of two-way authentication (mTLS – Mutual TLS). Otherwise it is possible to perform SSL inspection and to eavesdrop on the actual logging information transmitted. For the OAUTH2, OAUTHBEARER and OPENID20 methods it is to some extent supported to use JWT token encryption. Another Proof Key for Code Exchange (PKCE) method protects only Authorization Code Grant. Deployment of the above methods is therefore to some extent a security risk and it is necessary to ensure thorough authentication of the target systems.

Obsolete crypto-primitives or methods

A large number of designs have emerged during development that do not support new encryption algorithms. Similarly, there have been developments in the way algorithms and their protections are used, the width of the key material and other parameters. In this section, only methods are mentioned for which it is not possible to switch to the current algorithms or corresponding key widths. They are ranked here:
- 9798-U-DSA-SHA1, 9798-M-DSA-SHA1 (use of obsolete DSAs and SHA1).
- 9798-M-ECDSA-SHA1, 9798-M-RSA-SHA1-ENC, 9798-U-RSA-SHA1-ENC, SRP, SCRAM-SHA-1, SCRAM-SHA-1-PLUS (use of obsolete SHA1, SRP and SCRAM algorithms are still resilient).
- CRAM-MD5, DigestMD5 and Compuserve RPA (broken MD5, but in this case CRAM-MD5 is still resilient due to HMAC construction).
- PASSDSS, KERBEROS_V4 (obsolete DES).
- KERBEROS_V (use of obsolete or broken DES, 3DES, RC2, RC4) - NMAS_AUTHEN, NMAS_LOGIN (even in case of use of obsolete and broken MD5 and SHA1 the algorithm still resists thanks to the HMAC function).
- NMAS_SAMBA-AUTH, NTLM, SPNEGO, SPNEGO-PLUS, GS2-*, GSSAPI, GSS-* (when calling NTLM it is not possible to ensure security).
When using these algorithms it is again necessary to deploy transport encryption. Trust in these algorithms is not justified, they are rundown algorithms with limited use. In the case of SPNEGO, SPNEGO-PLUS, GS2-*, GSSAPI, GSS-* if only the KERBEROS-V5 protocol is available, not NTLM, this is a reasonable method of protection. Another, substantial detail with an impact on security is the use of the PLUS method, or 9798-M-*. These two methods provide a link to transport encryption using SSL/TLS and add an additional layer of protection. This can provide at least limited protection against the risk created by SSL inspection to some extent.

Notes - obsolete cryptoprimitive:
- MD5 function hash, finding a collision in under one minute, HMAC structure safe for now.
- SHA1 hash function, finding a collision in a matter of days, HMAC structure safe for now.
- RC4 stream cipher, successful attack can be realized in 12s according to the volume of data.
- DES, 3DES have a block width of only 64b and have a vulnerable structure. Attack can be realized in a matter of hours according to the volume of data.
- RC2 has an obsolete structure and is a rundown algorithm.
- DSA has an obsolete structure and is a rundown algorithm.

Resistance to quantum computers

There are only a few algorithms within SASL that are able to withstand quantum computers. This is the KERBEROS_V5 method using the aes256-cts-hmac-sha384-192 and camellia256-cts-cmac algorithms. Under certain conditions, the EXTERNAL method could also serve this purpose if there is verification e.g. at the SSL/TLS level using algorithms resistant to quantum computers. However, due to the possibility of downgrade to weaker protective mechanisms, relying on other layer methods is rather unfortunate.
Notes - Quantum computer resistance:
- Current asymmetric algorithms are not able to withstand quantum computers.
- Current symmetric algorithms can withstand quantum computers if the key length is at least 256b.

Methods of protection of transmitted data (credentials)

Depending on the algorithms used and the ability to protect the transmitted information, it is possible to divide the algorithms in different ways.
- Unpredictable. One of the protection mechanisms is the use of a random prompt, time stamp or number of logins to change the content of the transmitted data. This ensures a certain degree of randomness, which can help in the protection, unfortunately it is not self-saving. This is an extensive list of methods 9798-M-DSA-SHA1, 9798-M-ECDSA-SHA1, 9798-M-RSA-SHA1-ENC, 9798-U-DSA-SHA1, 9798-U-RSA-SHA1-ENC, CRAM-MD5, DIGEST-MD5, EAP-AES128, EAP-AES128-PLUS, ECDH-X25519-CHALLENGE, ECDSA-NIST256P-CHALLENGE, EXTERNAL, GS2-*, GS2-KRB5, GS2-KRB5-PLUS, GSS-SPNEGO, GSSAPI, KERBEROS_V4, KERBEROS_V5, NEGOEXT, NMAS_AUTHEN, NMAS_LOGIN, NMAS-SAMBA-AUTH, NTLM, PASSDSS, Compuserve RPA, SCRAM-SHA-1-PLUS, SCRAM-SHA-256, SCRAM-SHA-256-PLUS, SPNEGO, SPNEGO-PLUS, SRP and SXOVER-PLUS.
- Authentication bond between server and client. It allows the connection to the communication channel between the client and the server. These protective mechanisms are minimal. It is used to protect the communication channel from hijacking during authentication. These are the PASSDSS, SRP, ECDH-X25519-CHALLENGE and SXOVER-PLUS methods.
- Double-sided authentication that not only verifies the client, but also the server to which it logs in. The condition is the availability of information that provides the possibility to verify the server. These technologies are hardly used, only PASSDSS, SRP, ECDH-X25519-CHALLENGE and SXOVER-PLUS methods support them.
- Protection against channel counterfeiting by forward secrecy protects the ability to separate past messages from future ones. This makes it impossible to attack and decrypt new transmissions based on knowledge of past answers. Thorough processing of these protections is minimal and they are only supported at the SSL/TLS level.
- The link between the authentication and the transmission channel as protection against connection hijacking is only available for PLUS methods. These are the methods 9798-M-DSA-SHA1, 9798-M-ECDSA-SHA1, 9798-M-RSA-SHA1-ENC, EAP-AES128-PLUS, GS2-KRB5-PLUS, SCRAM-SHA-1-PLUS, SCRAM-SHA-256-PLUS, SPNEGO-PLUS, SXOVER-PLUS.

Password validation methods (validation)

With one exception, all methods currently used use the method of validation by logical constructs. SRP In simple terms, this is the condition where if side A is the same as side B. The user is admitted to the system. In contrast, the cryptographic system provides proof of the ability to decrypt certain data. For validation, it is sufficient to provide proof of the ability. If the user does not provide an adequate answer, he is not admitted to the system. To some extent, this is a procedure similar to ZKP (Zero Knowledge Protocols). In this case, evidence is provided that must not in any way provide information leading to the discovery of data capable of providing such proof. The sentence is difficult to understand, but an example is finding a word in a book. You are supposed to provide evidence of finding a specific word in a book of your choice, without the possibility for the opposing party to be able to determine which book or page of this book it is. The solution is quite simple. A word-sized hole is cut out in the box and you show the chosen word through this hole. The opposing party has no chance of knowing the name of the book or the page number. Similarly, authentication information can be verified. In the case of password validation, this exception is the SRP method.

EXTERNAL, GS2-*, GSS-*, GSSAPI, SPNEGO, SPNEGO-PLUS and NEGOEXT

With these methods, it is difficult to determine which mechanisms will be chosen, because the methods are negotiated first, and the password validation later. For the reasons given, it is not possible to unambiguously determine the security properties.

OTP, SKEY and SECUREID

The above methods serve as supporting methods suitable for MFA and cannot be used on their own. The key materials used have too low entropy and can be detected with a reasonable number of attempts. All three methods are available with the old cryptoprimitives MD5 and SHA-1 as well as with the current versions using SHA2-256. If the above technologies must be used, it is advisable to use the current versions of cryptoprimitives. Due to the design, it is currently possible to deploy OTP using TOTP or HOTP algorithms, but the SKEY and SECUREID methods are currently outdated. In the case of SKEY, this is an easy denial attack because the token without power loses information about previous iterations of hash functions. In the case of SECUREID, there have been several problems with token synchronization in the history, seed (generating information) leaks and several MITM vulnerabilities. Time and counter tokens are significantly more vulnerable in this way than Challenge-Response tokens or tokens requiring more complex handling. On the other hand, they are extremely easy to use. This makes them easy to use.

Methods OAUTH, XOAUTH, OAUTH2, OAUTHBEARER, XOAUTH2, OPENID20, SAML

The above methods are not mentioned in the previous paragraphs for a simple reason. The above algorithms provide authorizations based on simple authentication mechanisms. Authentication, which is only a part of the services, occurs when redirected from the application. The client (user) is redirected by this application to an authentication server, providing identity authentication, hereafter only tokens are used. The above solution has a large number of advantages and disadvantages, so it is necessary to mention the limitations of these mechanisms separately. Due to the complexity of the protocol, especially in the case of OAUTH2 and similar, there are significant risks roofed:
- Session Fixation, a bug allowing hijacking of the authenticated connection. It is based on using the same Session ID. The attacker has thus obtained the victim's permission.
- Weaknesses in the processing of the authentication token. allows its hijacking during the initial negotiation. To protect the token, it is necessary to use its encryption with the PKCE (Proof of Key for Code Exchange), it should not be used in a purely textual form. Furthermore, the token can leak even if it is stored locally with the client. If it is stored in localStorage, it can be retrieved by XSS attack. If the token is passed directly in the URL, a typical example is ImplicitFlow, it can be retrieved directly from the referrer logs (Implicit flow should not be used and replaced by Authorization Code Flow together with PKCE). SecureCookies can be used as a defense in this case, defining scopes and the like.
- The unlimited validity of Access Tokens is obviously an inappropriate approach. If they leak, then it is not possible to invalidate these tokens, or it is a long time. For practical reasons, it makes no sense to have the validity of the token longer than 10-15 minutes, in extreme cases half an hour.
- Like Access Tokens, Refresh tokens are vulnerable. They should be stored securely and rotated regularly.
- Missing digital signatures in the JWT token. These tokens generally allow to significantly increase the security of communication against text tokens, but the condition is the corresponding use of cryptography. For this reason, it is extremely inappropriate to use the "none" algorithm, which allows the transmission of unencrypted information.
- By controlling the application. A legitimate application controlled by an attacker allows to obtain sensitive information. This can be used to attack JWT tokens (JWT_private_key). This error was found in the course of 2024 and removed in the beginning of 2025, resulting in a change in the processing method.
- Malignant applications that pretend to be legitimate applications allow to obtain Access tokens. For this reason, it is necessary to use Client Registration, this is information about the applications being used (ideally Client ID and secret access) and the permission to request tokens.
- Phishing is a matter related mainly to e-mails, but its targeting of specific users allows access to authentication data. These are usually errors on the part of users, therefore it is necessary to use MFA to ensure appropriate authentication by another channel. In addition, it is advisable to authenticate the target servers for authentication for client applications, using for example OAUTH state.
During the development, OAUTH2 has seen a significant change of the whole working group with interesting consequences. This group of people criticized the new standard because of the following problems, where most of them have still not been satisfactorily solved and some of them will be implemented in the upcoming OAUTH2.1. At the same time, these problems describe the security weaknesses of the whole system and still represent a significant criticism of the whole standard. More in the link under [1].

Authentication for OAUTH and XOAUTH

The OAUTH and XOAUTH methods allow authentication only by means of mechanisms such as HTTP Basic Authentication, Digest Authentication, or with the possibility of additional authentication using OTP or FIDO2. Authorization tokens are also provided on the basis of authentication. Since the technology is not able to provide adequate protection of user passwords, it is necessary to protect it with SSL/TLS. Unfortunately, this protection is not perfect either, as there is no two-way system authentication. For this reason, the method is vulnerable using SSL inspection (border firewalls).
Protection against Relay attack: The condition is a link to the server certificate (two-way authentication using mTLS – Mutual TLS). This type of attack is not prevented by MFA.
Protection against Replay attack: With the exception of HTTP Basic Authentication, it is possible to defend against replay attack and MFA supports this defense.
Forward secrecy: Only possible at SSL/TLS
Crypto-primitives: In case of using Digest Authentication, it is possible to use MD5, SHA1 and SHA256, where MD5 and SHA1 are obsolete.
No crypto-primitives are used for HTTP Basic Authentication, this is pure plaintext.
Quantum computer resistance: Possible only if SSL/TLS is used, with support for quantum computer resistant mechanisms.
Zero Knowledge Protocols: No support for SRP or other similar mechanisms.

Authentication for OAUTH2, OAUTHBEARER, XOAUTH2 and OPENID20

The OAUTH2, OAUTHBEARER, XOAUTH2 and OPENID20 methods allow authentication only with mechanisms such as HTTP Basic Authentication, Digest Authentication, or with the option of additional authentication using OTP or FIDO2. From today's perspective, it is an obsolete method to send the name and password directly in the POST request directly (Resource Owner Password Credentials). Another, but rare, method is to send the name and password in an encrypted JWT, this method is not commonly used. Authorization tokens are also provided on the basis of some of the above authentication options. Since the above technology is not able to provide adequate protection of user passwords, it is necessary to protect it with SSL/TLS. Unfortunately, this protection is not perfect either, as there is no two-way system authentication. For this reason, the method is vulnerable with SSL inspection (frontier firewalls).
Protection against Relay attack: A condition is a connection to the server certificate (two-way authentication with mTLS – Mutual TLS). This type of attack is not prevented by MFA.
Protection against Replay attack: With the exception of HTTP Basic Authentication, it is possible to defend against replay attack and MFA supports this defense.
Forward secrecy assurance: Only possible at SSL/TLS
Crypto-primitives: If Digest Authentication is used, it is possible to use MD5, SHA1 and SHA256, where MD5 and SHA1 are obsolete.
Without cryptography: No crypto-primitives are used for HTTP Basic Authentication, this is pure plaintext.
Immunity against quantum computers: Only possible if SSL/TLS is used with support for quantum computer-resistant mechanisms.
Zero Knowledge Protocols: No support for SRP or other similar mechanisms.

Authentication for SAML

This method covers and uses other methods, so it can work with a wide range of possible mechanisms. It depends only on the properties of the Identity Provider (IdP, i.e. Authentication server). The following can be used as an authentication server:
- LDAP, where LDAP supports SASL mechanisms.
- Active Directory (LDAP+DNS+Kerberos), where AD supports primarily KERBEROS.
- User database in SQL/NoSQL systems, where login uses mostly HTTP interfaces and TTP Basic Authentication mechanisms, Digest Authentication, or with the possibility of additional authentication using OTP or FIDO2.
- External authentication systems (OAuth 2.0, OpenID Connect, Kerberos, RADIUS). OAUTH20 or OPENID20 have been mentioned, and KERBEROS is also clear. For AAA systems (Authentication, Authorization, Accounting) such as RADIUS, TACACS+ and DIAMETER, it depends on the support of authentication mechanisms. As systems usually support EAP mechanisms, it is necessary to use the gateways for transmitting information (SAML-to-RADIUS, SAML-to-TACACS+, SAML-to-DIAMETER).

Even in the case of SAML, there is a risk of unauthorized access to data. Possible attacks include:
- Assertion Replay attack. The message is intercepted by the attacker and sent again. As a precaution, it is possible to set the assertion lifetime in the order of units, up to tens of minutes. Furthermore, strictly use nonce and timestamp, outside of this set the One-Time Use Policy tokens for all SAML tokens. Information about assertion status can be checked in the dump saml:Conditions NotBefore and NotOnOrassertion.
- Manipulation assertion. If the assertion is not digitally signed and encrypted, the attacker can manipulate it. Therefore, plaintext assertion should not be used at all. All transmitted information should be encrypted, signed (ideally including metadata) and only messages containing a valid signature should be received.
- XML External Entity (XEE). This is a bug caused by the parser for an XML document, which allows additional content to be inserted, for example, by a server-side request forgery (SSRF). Components should be tested and ideally run in a dedicated environment.
- E-mail forwarding. This is a bug related to attribute verification in SAML (saml:Attribute), where insufficient system control of the e-mail's domain affiliation can create an awkward situation. Thus, under certain conditions, a valid e-mail can be used by the first user to gain access to the other user's data. Although the Identity Provider (authentication server) returns the correct information, the problem is due to faulty authentication on the Service Provider side (SP, usually an application).
- XML Signature Wrapping (XSW) Attack. The message is intercepted and modified by the attacker, who adds a modified element to the XML. This can obtain different permissions or another user ID. The protection is the XPath validation setting.
- Signature Stripping Attack. This is a setup error, messages must always be checked for a valid signature. If the specified check is not used, you can either modify and send the modified request, or modify the token and leave the signature in its original form.
- SAML Response Spoofing. Here, a modified new message with different user permissions is created. If the description is not verified correctly, you can obtain rights beyond the definition. The solution is a consistent signature check and Audience Restriction in SAML assertion.
- Relay Attack on SAML Single Logout (SLO). This is a malicious attack, where the logout request is modified. This prevents the attacker from logging off, but another user. The protection is to enforce Channel Binding and digital signature even for logging off, and to check who the requests are really intended for.
- Account Takeover using SAML Injection. If the content of a SAML request can be modified and the application does not verify the trust of the source, the attacker can gain access to other data. Therefore, it is necessary to validate all attributes and enforce the digital signature.
- Man-in-the-Middle (MITM) Attack. This is only the case when the message is not adequately protected. Therefore, it is necessary to use at least SSL/TLS.
- Phishing is a matter related mainly to e-mails, but its targeting to specific users allows access to authentication data, as with OAUTH mechanisms. These are errors on the part of users, therefore it is necessary to use MFA to ensure appropriate authentication via another channel. And as with OAUTH, it is advisable for client applications to authenticate target servers for authentication.

Mechanism support on the part of individual libraries

The overview also includes information on current and past support of mechanisms in some known libraries. The overview can be an interesting guide in case of selection. From the information available, an unpleasant situation is obvious. There is not much choice, only combinations meeting at least the minimum authentication security requirements are sought.

MechanismCyrrusDovecotGNUSASLJSASLMicrosoft SSPI
ANONYMOUS-SupportedSupported--
APOP-Supported---
CRAM-MD5-SupportedSupportedSupported-
DIGEST-MD5-SupportedSupportedSupportedSupported
EXTERNAL-SupportedSupportedSupportedSupported
GS2Supported----
GS2-*--Supported--
GSS-SPNEGOSupportedSupported---
GSSAPISupportedSupportedSupportedSupportedSupported
LOGINSupportedSupportedSupported-Supported
NTLM-SupportedSupported-Supported
OAUTHBEARER-Supported--
OPENID20--Supported--
OTPSupportedSupported---
PASSDSSSupported----
PLAINSupportedSupportedSupportedSupportedSupported
RPA-Supported---
SAML20--Supported--
SCRAM-SHA-1-SupportedSupported-Supported
SCRAM-SHA-256SupportedSupported--Supported
SECURIDSupported-Supported--
SKEY-Supported---
SRPSupported----
XOAUTH2-Supported---


MechanismPySASLNode.js SASLGo SASLRust SASLPHP SASL
ANONYMOUS--SupportedSupportedSupported
APOP-----
CRAM-MD5----Supported
DIGEST-MD5-SupportedSupportedSupportedSupported
EXTERNAL-SupportedSupportedSupported
GS2-----
GS2-*-----
GSS-SPNEGO-----
GSSAPISupported--Supported-
LOGINSupportedSupportedSupportedSupportedSupported
NTLM-----
OAUTHBEARER--SupportedSupported-
OPENID20-----
OTP-----
PASSDSS-----
PLAINSupportedSupportedSupportedSupportedSupported
RPA-----
SAML20-----
SCRAM-SHA-1SupportedSupportedSupportedSupported-
SCRAM-SHA-256SupportedSupportedSupportedSupported-
SECURID-----
SKEY-----
SRP-----
XOAUTH2--SupportedSupported-

Conclusion

From the point of view of the current deployment of mechanisms, the problem is how to provide adequate protection. The available technologies are maturing and are completely unprepared for changes around 2030. There is a lack of mechanisms providing two-sided authentication (i.e. client and server side authentication), a lack of technologies providing ZKP (Zero Knowledge Proof), technologies using up-to-date cryptoprimitives or algorithms resistant to quantum computers. Because of the weaknesses of OAUTH/OAUTH2-based technologies, it is advisable to avoid them, but the technologies using SAML are promising and allow the system side to define the corresponding algorithms and their protection. This partially eliminates their weaknesses.
From the current perspective, it still makes sense to use technologies such as SCRAM, SRP or SXOVER. Of the commonly used ones, KERBEROS_V5 is either directly or via available interfaces such as GSSAPI or GS2. Here I would argue for a move away from all NEGO algorithms that allow fallback on NTLM. Another option is SAML, for example, but its configuration is extremely demanding. The reward can be a relatively high level of security in case of a suitable configuration. In the case of Microsoft environment, SAML is not available via SSPI, but it can be used by ADFS (Active Directory Federation Service) or AAD (Azure Active Directory).

Reference:

  1. OAuth 2.0 and the Road to Hell
    Source: https://web.archive.org/
  2. OWASP: XML External Entity vulnerability.
    Source: https://www.owasp.org/
  3. Portswiger: XML external entity (XXE) injection.
    Source: https://www.portswiger.net/
  4. Cyrus: Authentication Mechanisms.
    Source: https://www.cyrusimap.org/
  5. DOVECOT: Authentication (SASL) Mechanisms.
    Source: https://www.dovecot.org/
  6. GNU SASL Library - Libgsasl.
    Source: https://www.gnu.org/
  7. The Java SASL API Programming and Deployment Guide.
    Source: https://docs.oracle.com/
  8. SSPI: Security Support Provider Interface Architecture.
    Source: https://learn.microsoft.com/
  9. PySASL: pysasl.mechanism Module.
    Source: https://github.io/
  10. Node.JS SASL framework.
    Source: https://github.com/
  11. NPM list of Node.JS SASL mechanisms library.
    Source: https://www.npmjs.com/
  12. GO Client and server SASL framework.
    Source: https://github.com/
  13. Rust SASL API.
    Source: https://docs.rs/
  14. The PHP SASL Authentification Library.
    Source: https://github.com/
  15. Historické: PHP Cyrus SASL Extension.
    Source: https://pecl.php.net/

Autor článku:

Jan Dušátko
Jan Dušátko

Jan Dušátko has been working with computers and computer security for almost a quarter of a century. In the field of cryptography, he has cooperated with leading experts such as Vlastimil Klíma or Tomáš Rosa. Currently he works as a security consultant, his main focus is on topics related to cryptography, security, e-mail communication and Linux systems.

Podobné články

Sharing files with SMB protocol and cryptography
16. 9. 2024
Sharing files with SMB protocol and cryptography
Sharing files with NFS protocol and cryptography
17. 9. 2024
Sharing files with NFS protocol and cryptography
Quantum computer resistant algorithms
27. 9. 2024
Quantum computer resistant algorithms
Storing password with Crypt interface
8. 10. 2024
Storing password with Crypt interface
logo

Your learning platform for cryptography
and security.

Jan Dušátko
info@cryptosession.cz
+420 602 427 840

Pod Harfou 938/58
190 00, Praha 9

IČ: 43479766
DIČ: CZ 7208253041

Bank no.:
78-7768770207/0100

© 2025 Cryptosession.cz Design: Lukáš Kejha, Development: Karel Tropp

1. Introductory Provisions

1.1. These General Terms and Conditions are, unless otherwise agreed in writing in the contract, an integral part of all contracts relating to training organised or provided by the trainer, Jan Dušátko, IČ 434 797 66, DIČ 7208253041, with location Pod Harfou 938/58, Praha 9 (next as a „lector“).
1.2. The contracting parties in the general terms and conditions are meant to be the trainer and the ordering party, where the ordering party may also be the mediator of the contractual relationship.
1.3. Issues that are not regulated by these terms and conditions are dealt with according to the Czech Civil Code, i.e. Act No.89/2012 Coll.
1.4. All potential disputes will be resolved according to the law of the Czech Republic.

2. Creation of a contract by signing up for a course

2.1. Application means unilateral action of the client addressed to the trainer through a data box with identification euxesuf, e-mailu with address register@cryptosession.cz or register@cryptosession.info, internet pages cryptosession.cz, cryptosession.info or contact phone +420 602 427 840.
2.2. By submitting the application, the Client agrees with these General Terms and Conditions and declares that he has become acquainted with them.
2.3. The application is deemed to have been received at the time of confirmation (within 2 working days by default) by the trainer or intermediary. This confirmation is sent to the data box or to the contact e-mail.
2.4. The standard time for registration is no later than 14 working days before the educational event, unless otherwise stated. In the case of a natural non-business person, the order must be at least 28 working days before the educational event.
2.5. More than one participant can be registered for one application.
2.6. If there are more than 10 participants from one Client, it is possible to arrange for training at the place of residence of the intermediary or the Client.
2.7. Applications are received and processed in the order in which they have been received by the Provider. The Provider immediately informs the Client of all facts. These are the filling of capacity, too low number of participants, or any other serious reason, such as a lecturer's illness or force majeure. In this case, the Client will be offered a new term or participation in another educational event. In the event that the ordering party does not agree to move or participate in another educational event offered, the provider will refund the participation fee. The lack of participants is notified to the ordering party at least 14 days before the start of the planned term.
2.8. The contract between the provider and the ordering party arises by sending a confirmation from the provider to the ordering party.
2.9. The contract may be changed or cancelled only if the legal prerequisites are met and only in writing.

3. Termination of the contract by cancellation of the application

3.1. The application may be cancelled by the ordering party via e-mail or via a data mailbox.
3.2. The customer has the right to cancel his or her application for the course 14 days before the course takes place without any fees. If the period is shorter, the subsequent change takes place. In the interval of 7-13 days, an administrative fee of 10% is charged, cancellation of participation in a shorter interval than 7 days then a fee of 25%. In case of cancellation of the application or order by the customer, the possibility of the customer's participation in an alternative period without any additional fee is offered. The right to cancel the application expires with the implementation of the ordered training.
3.3. In case of cancellation of the application by the trainer, the ordering party is entitled to a full refund for the unrealized action.
3.4. The ordering party has the right to request an alternative date or an alternative training. In such case, the ordering party will be informed about all open courses. The alternative date cannot be enforced or enforced, it depends on the current availability of the course. If the alternative training is for a lower price, the ordering party will pay the difference. If the alternative training is for a lower price, the trainer will return the difference in the training prices to the ordering party.

4. Price and payment terms

4.1. By sending the application, the ordering party accepts the contract price (hereinafter referred to as the participation fee) indicated for the course.
4.2. In case of multiple participants registered with one application, a discount is possible.
4.3. The participation fee must be paid into the bank account of the company held with the company Komerční banka č. 78-7768770207/0100, IBAN:CZ5301000000787768770207, BIC:KOMBCZPPXXX. When making the payment, a variable symbol must be provided, which is indicated on the invoice sent to the client by the trainer.
4.4. The participation fee includes the provider's costs, including the training materials. The provider is a VAT payer.
4.5. The client is obliged to pay the participation fee within 14 working days of receipt of the invoice, unless otherwise stated by a separate contract.
4.6. If the person enrolled does not attend the training and no other agreement has been made, his or her absence is considered a cancellation application at an interval of less than 7 days, i.e. the trainer is entitled to a reward of 25% of the course price. The overpayment is returned within 14 days to the sender's payment account from which the funds were sent. Payment to another account number is not possible.
4.7. An invoice will be issued by the trainer no later than 5 working days from the beginning of the training, which will be sent by e-mail or data box as agreed.

5. Training conditions

5.1. The trainer is obliged to inform the client 14 days in advance of the location and time of the training, including the start and end dates of the daily programme.
5.2. If the client is not a student of the course, he is obliged to ensure the distribution of this information to the end participants. The trainer is not responsible for failure to comply with these terms and conditions.
5.2. By default, the training takes place from 9 a.m. to 5 p.m. at a predetermined location.
5.3. The trainer can be available from 8 a.m. to 9 a.m. and then from 17 a.m. to 6 p.m. for questions from the participants, according to the current terms and conditions.
5.4. At the end of the training, the certificate of absorption is handed over to the end users.
5.5. At the end of the training, the end users evaluate the trainer's approach and are asked to comment on the evaluation of his presentation, the manner of presentation and the significance of the information provided.

6. Complaints

6.1. If the participant is grossly dissatisfied with the course, the trainer is informed of this information.
6.2. The reasons for dissatisfaction are recorded in the minutes in two copies on the same day. One is handed over to the client and one is held by the trainer.
6.3. A statement on the complaint will be submitted by e-mail within two weeks. A solution will then be agreed within one week.
6.4. The customer's dissatisfaction may be a reason for discontinuing further cooperation, or financial compensation up to the price of the training, after deduction of costs.

7. Copyright of the provided materials

7.1. The training materials provided by the trainer in the course of the training meet the characteristics of a copyrighted work in accordance with Czech Act No 121/2000 Coll.
7.2. None of the training materials or any part thereof may be further processed, reproduced, distributed or used for further presentations or training in any way without the prior written consent of the trainer.

8. Liability

8.1. The trainer does not assume responsibility for any shortcomings in the services of any third party that he uses in the training.
8.2. The trainer does not assume responsibility for injuries, damages and losses incurred by the participants in the training events or caused by the participants. Such costs, caused by the above circumstances, shall be borne exclusively by the participant in the training event.

9. Validity of the Terms

9.1 These General Terms and Conditions shall be valid and effective from 1 October 2024.

Consent to the collection and processing of personal data

According to Regulation (EU) No 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as "the Regulation"), the processor xxx (hereinafter referred to as "the Controller") processes personal data. Individual personal data that are part of the processing during specific activities at this web presentation and in the course of trade are also broken down.
Although the collection of data is ubiquitous, the operation of this website is based on the right to privacy of each user. For this reason, the collection of information about users takes place to the extent absolutely necessary and only if the user decides to contact the operator. We consider any further collection and processing of data unethical.

Information about the records of access to the web presentation

This website does not collect any cookies. The site does not use any analytical scripts of third parties (social networks, cloud providers). For these reasons, an option is also offered for displaying the map in the form of a link, where the primary source is OpenStreet and alternatives then the frequently used Maps of Seznam, a.s., or Google Maps of Google LLC Inc. The use of any of these sources is entirely at the discretion of the users of this site. The administrator is not responsible for the collection of data carried out by these companies, does not provide them with data about users and does not cooperate on the collection of data.
Logging of access takes place only at the system level, the reason being the identification of any technical or security problems. Other reasons are overview access statistics. No specific data is collected or monitored in this area and all access records are deleted after three months.

Information about contacting the operator of the site

The form for contacting the operator of the site (administrator) contains the following personal data: name, surname, e-mail. These data are intended only for this communication, corresponding to the address of the user and are kept for the time necessary to fulfil the purpose, up to a maximum of one year, unless the user determines otherwise.

Information about the order form

In case of an interest in the order form, the form contains more data, i.e. name, surname, e-mail and contact details for the organisation. These data are intended only for this communication, corresponding to the address of the user and are kept for one year, unless the user determines otherwise. In the event that a business relationship is concluded on the basis of this order, only the information required by Czech law on the basis of business relations (company name and address, bank account number, type of course and its price) will continue to be kept by the administrator.

Information about the course completion document

Within the course, a course completion document is issued by the processor. This document contains the following data: student's name and surname, the name and date of the course completion and the employer's name. The information is subsequently used for the creation of a linear hash tree (non-modifiable record). This database contains only information about the provided names and company names, which may or may not correspond to reality and is maintained by the processor for possible re-issuance or verification of the document's issuance.

Rights of the personal data subject

The customer or visitor of this website has the possibility to request information about the processing of personal data, the right to request access to personal data, or the right to request the correction or deletion of any data held about him. In the case of deletion, this requirement cannot be fulfilled only if it is not data strictly necessary in the course of business. The customer or visitor of this website also has the right to obtain explanations regarding the processing of his personal data if he finds out or believes that the processing is carried out in violation of the protection of his private and personal life or in violation of applicable legislation, and the right to request removal of the resulting situation and to ensure the correction.
Furthermore, the customer/visitor of this website may request restriction of processing or object to the processing of personal data and has the right to withdraw his/her consent to the processing of personal data at any time in writing, without prejudice to the lawfulness of their processing prior to such withdrawal. For this purpose, the contact e-mail address support@cryptosession.cz is used.
The customer/visitor has the right to file a complaint against the processing of personal data with the supervisory authority, which is the Office for Personal Data Protection.