Re: [Cfrg] I-D Action: draft-irtf-cfrg-augpake-05.txt
Michael Scott <mike.scott@miracl.com> Fri, 22 January 2016 18:14 UTC
Return-Path: <mike.scott@miracl.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B56651B2B52 for <cfrg@ietfa.amsl.com>; Fri, 22 Jan 2016 10:14:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fppac22__-U7 for <cfrg@ietfa.amsl.com>; Fri, 22 Jan 2016 10:14:00 -0800 (PST)
Received: from mail-io0-x231.google.com (mail-io0-x231.google.com [IPv6:2607:f8b0:4001:c06::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 084B81B2B50 for <cfrg@ietf.org>; Fri, 22 Jan 2016 10:13:59 -0800 (PST)
Received: by mail-io0-x231.google.com with SMTP id 1so96225948ion.1 for <cfrg@ietf.org>; Fri, 22 Jan 2016 10:13:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=miracl-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=c4JybdkTZ7GDaPtCyTp1+329WgSjqGGEmR2l0fCw184=; b=tI+8BF6RIIUU3m3e7mdagBikykwJ2Jdpn3Ud4RUfDrEqKgrnhDMRdwx0JrZMKAQydV iwEbaHdX2Iqh+dC6DQHcyd/k+O5QPQd5qs6CtNLAtYhg145x0ITelZLr/Aij0SJhjtxk vEqW2nurMCd/Nf7YbK4bnokT3Hlz3xWD2iepsqG/48ly9vZcTBSA/ypJnpCH5U8ivIPk g739Beva8+FspWJ5sAD+T5q+KczNS4j2dfHaCf1JykhmdQ1YJVarntgDpbBzmnDjZ6WQ 8WXAWlpNvklpvSi88CEiv/fG7khxog+0QgkH9dsuxucg+fpWQKtKAKDlwNP6Fsou5mUT Od8w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=c4JybdkTZ7GDaPtCyTp1+329WgSjqGGEmR2l0fCw184=; b=exILMDxU27dpKHJFyr7FuDv3t5HRZbfzz7WCYV4p9AwY8iRh0P6wPyTCsgAJmQ/6Nk U/YB5Iq8SVvWXGnDBYyj7Szrd2M9EReIy5I5coxybYSdsiWZA5+97QlvFOfVIRtML4rN FIuJ1UvOhJz030W2nz28h+03J22xe4vh1JBhO61yJZcDQF0H1Q+SQyq3IOftDIdW2xg9 2yWY+OM9zViayPDGEmkhSR5ttOLI72jgKtLMddlHYUs9qpw/LHTeaaADXJJoAe0gYBSg vkvwVasCNA2aVUkU3bGHc6OQdFFmjpbduRyf2mCid+TOb7r4V9z+mNxTiz1g5f0SB40+ 5BuQ==
X-Gm-Message-State: AG10YOQEguvq9EpBJE+bLEM86Eyy4UxncgCaOgFqczlggMd9Wq1IL4cdanlvvhoadQkdxvqTOXarZIca3PwRGYzg
MIME-Version: 1.0
X-Received: by 10.107.162.146 with SMTP id l140mr4613515ioe.123.1453486439337; Fri, 22 Jan 2016 10:13:59 -0800 (PST)
Received: by 10.36.127.16 with HTTP; Fri, 22 Jan 2016 10:13:59 -0800 (PST)
In-Reply-To: <CAEseHRrvP45kJZ4oQhNpStH+V4j7GK6p15Zj0tiLD73pGGdgSA@mail.gmail.com>
References: <20160122011355.8950.66996.idtracker@ietfa.amsl.com> <CAEseHRrvP45kJZ4oQhNpStH+V4j7GK6p15Zj0tiLD73pGGdgSA@mail.gmail.com>
Date: Fri, 22 Jan 2016 18:13:59 +0000
Message-ID: <CAEseHRrkYFLMvW1HOm9M_daWYt0UnR27Ykhwugwe7AwFypf5QQ@mail.gmail.com>
From: Michael Scott <mike.scott@miracl.com>
To: cfrg@ietf.org
Content-Type: multipart/alternative; boundary="001a1140f704e735f80529f02e5c"
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/4tQTwdx364HFCicveD3_SLuiSug>
Subject: Re: [Cfrg] I-D Action: draft-irtf-cfrg-augpake-05.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jan 2016 18:14:01 -0000
Oops my mistake, no that attack doesn't work. Thanks to Rene Struik for pointing out my mistake. Mike On Fri, Jan 22, 2016 at 1:17 PM, Michael Scott <mike.scott@miracl.com> wrote: > Appears to be a small weakness here, assuming that the actual password w > is used "the binary representation of the processed UTF-8 character > string" > > A false server who wants to eliminate some password guesses from their > list, responds with > > Y=(X^y.g^(w*r*y))^n where they wish to eliminate passwords w,2w,3w,... nw > > The user responds with a hash of known quantities, plus Y^{1/(x+wr)} = > g^{ny} > > The false server drops the link, and offline checks for the correct value > of n. If its not there, then w,2w,3w,.. nw can be eliminated. > > > Mike > > On Fri, Jan 22, 2016 at 1:13 AM, <internet-drafts@ietf.org> wrote: > >> >> A New Internet-Draft is available from the on-line Internet-Drafts >> directories. >> This draft is a work item of the Crypto Forum Working Group of the IETF. >> >> Title : Augmented Password-Authenticated Key Exchange >> (AugPAKE) >> Authors : SeongHan Shin >> Kazukuni Kobara >> Filename : draft-irtf-cfrg-augpake-05.txt >> Pages : 20 >> Date : 2016-01-21 >> >> Abstract: >> This document describes a secure and highly-efficient augmented >> password-authenticated key exchange (AugPAKE) protocol where a user >> remembers a low-entropy password and its verifier is registered in >> the intended server. In general, the user password is chosen from a >> small set of dictionary whose space is within the off-line dictionary >> attacks. The AugPAKE protocol described here is secure against >> passive attacks, active attacks and off-line dictionary attacks (on >> the obtained messages with passive/active attacks). Also, this >> protocol provides resistance to server compromise in the context that >> an attacker, who obtained the password verifier from the server, must >> at least perform off-line dictionary attacks to gain any advantage in >> impersonating the user. The AugPAKE protocol is not only provably >> secure in the random oracle model but also the most efficient over >> the previous augmented PAKE protocols (SRP and AMP). >> >> >> The IETF datatracker status page for this draft is: >> https://datatracker.ietf.org/doc/draft-irtf-cfrg-augpake/ >> >> There's also a htmlized version available at: >> https://tools.ietf.org/html/draft-irtf-cfrg-augpake-05 >> >> A diff from the previous version is available at: >> https://www.ietf.org/rfcdiff?url2=draft-irtf-cfrg-augpake-05 >> >> >> Please note that it may take a couple of minutes from the time of >> submission >> until the htmlized version and diff are available at tools.ietf.org. >> >> Internet-Drafts are also available by anonymous FTP at: >> ftp://ftp.ietf.org/internet-drafts/ >> >> _______________________________________________ >> Cfrg mailing list >> Cfrg@irtf.org >> https://www.irtf.org/mailman/listinfo/cfrg >> > >
- [Cfrg] I-D Action: draft-irtf-cfrg-augpake-05.txt internet-drafts
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-augpake-05… Michael Scott
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-augpake-05… Michael Scott
- Re: [Cfrg] I-D Action: draft-irtf-cfrg-augpake-05… Mike Hamburg