Re: [Cfrg] [saag] New draft: Hashed Password Exchange

Steven Bellovin <smb@cs.columbia.edu> Wed, 04 January 2012 22:56 UTC

Return-Path: <smb@cs.columbia.edu>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E163E11E80B6; Wed, 4 Jan 2012 14:56:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id woq8L7Cyj8ss; Wed, 4 Jan 2012 14:56:12 -0800 (PST)
Received: from tarap.cc.columbia.edu (tarap.cc.columbia.edu [128.59.29.7]) by ietfa.amsl.com (Postfix) with ESMTP id 962CF11E80C5; Wed, 4 Jan 2012 14:56:11 -0800 (PST)
Received: from [192.168.2.166] (74-92-112-54-Philadelphia.hfc.comcastbusiness.net [74.92.112.54]) (user=smb2132 mech=PLAIN bits=0) by tarap.cc.columbia.edu (8.14.4/8.14.3) with ESMTP id q04Mu9sE012435 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Wed, 4 Jan 2012 17:56:10 -0500 (EST)
Mime-Version: 1.0 (Apple Message framework v1251.1)
Content-Type: text/plain; charset=iso-8859-1
From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <4F04D0CD.9010807@isi.edu>
Date: Wed, 4 Jan 2012 17:56:08 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <95A30BC1-F5F8-4937-AE41-08BF92B5BBB5@cs.columbia.edu>
References: <583849CD-D0AD-4792-8894-04598898BA0F@cs.columbia.edu> <4F04D0CD.9010807@isi.edu>
To: Joe Touch <touch@ISI.EDU>
X-Mailer: Apple Mail (2.1251.1)
X-No-Spam-Score: Local
X-Scanned-By: MIMEDefang 2.68 on 128.59.29.7
Cc: cfrg@irtf.org, saag@ietf.org
Subject: Re: [Cfrg] [saag] New draft: Hashed Password Exchange
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jan 2012 22:56:13 -0000

Good point; let me think about it for -01.  An obvious solution is to send
the hostname with the effective password.

On Jan 4, 2012, at 5:21 01PM, Joe Touch wrote:

> Hi, Steve,
> 
> This doc doesn't appear to address the case where a host has multiple DNS names, which could make it difficult to incorporate the hostname into the transform. I.e., I could contact a mail server at an IP address that represents any of dozens of DNS names - how does the server know which one I used so it can match without exhaustively trying all its equivalent names?
> 
> Joe
> 
> On 1/4/2012 1:41 PM, Steven Bellovin wrote:
>> I'd appreciate comments on my new draft, draft-bellovin-hpw-00.txt:
>> 
>> Abstract
>> 
>>    Many systems (e.g., cryptographic protocols relying on symmetric
>>    cryptography) require that plaintext passwords be stored.  Given how
>>    often people reuse passwords on different systems, this poses a very
>>    serious risk if a single machine is compromised.  We propose a scheme
>>    to derive passwords limited to a single machine from a typed
>>    password, and explain how a protocol definition can specify this
>>    scheme.
>> 
>> 
>> 		--Steve Bellovin, https://www.cs.columbia.edu/~smb
>> 
>> 
>> 
>> 
>> 
>> _______________________________________________
>> saag mailing list
>> saag@ietf.org
>> https://www.ietf.org/mailman/listinfo/saag
> 


		--Steve Bellovin, https://www.cs.columbia.edu/~smb