Re: [Cfrg] OPAQUE at Facebook

Bill Cox <waywardgeek@gmail.com> Wed, 28 August 2019 00:47 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/73S_oHmmZwUtYLl9MZjXC-tbn_E>

>
> It would be great to hear from this group on where the community
> stands with the standardization of augmented PAKEs.
>
> - Kevin
>
>
I, for one, would say great minds think alike :)  The OPAQUE RFC could use
some tweaks, but looks pretty strong, IMO.  For example, their
recommendation of iterating a password hash should be replaced with calling
Argon2.  Note that Argon2 runs pretty fast in browsers that support web
assembly.  Password hashing has to be done client-side in OPAQUE, with the
possible exception of using Makwa delegated hashing possibly in parallel
with the OPRF round-trip.