Re: [Cfrg] OPAQUE at Facebook

Neil Madden <neil.e.madden@gmail.com> Wed, 28 August 2019 06:15 UTC

From: Neil Madden <neil.e.madden@gmail.com>
In-Reply-To: <CACitvs_9SoZaG-0ZVNsGgcXJdadYHULVYEOH7VAQFf-VeSwm8Q@mail.gmail.com>
Date: Wed, 28 Aug 2019 07:15:32 +0100
Cc: cfrg@irtf.org
Message-Id: <631A3394-A17D-4414-8CDE-DBED231818E3@gmail.com>
References: <CACitvs_9SoZaG-0ZVNsGgcXJdadYHULVYEOH7VAQFf-VeSwm8Q@mail.gmail.com>
To: Kevin Lewi <klewi@cs.stanford.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/Fr8S5cJnhJAyS5oxdteFdM-o9f4>

Do you need a PAKE for this? Wouldn’t something like SCRAM (https://tools.ietf.org/html/rfc5802) suffice?

— Neil

> On 27 Aug 2019, at 23:05, Kevin Lewi <klewi@cs.stanford.edu> wrote:
> 
> Hi all,
> 
> At Facebook, we are currently evaluating various methods for improving
> the handling of plaintext user passwords server-side, and one proposal
> which has caught our interest is using an augmented PAKE like OPAQUE
> to completely avoid having the plaintext password sent (over TLS) to
> the server during user login and account registration. Our primary
> motivation is to prevent prior incidents involving the storing of
> plaintext passwords due to logging bugs from ever happening again.
> 
> It is true that we do not need a cryptographic solution to avoid
> logging plaintext passwords, and indeed, we have considered a myriad
> of solutions to prevent such logging, including automated detection
> mechanisms which regularly scan our data warehouse for plaintext
> passwords. Of course, not having access to the plaintext password via
> an augmented PAKE is not only a much cleaner solution, but it also
> provides better guarantees. As a result, we have started to look into
> what it would take to implement OPAQUE as an alternative login
> mechanism for specific apps and supported devices.
> 
> This problem is also not specific to Facebook -- in the past two
> years, GitHub, Twitter, Google, Robinhood, and Coinbase have all
> reported a similar problem of accidentally logging plaintext
> passwords.
> 
> It would be great to hear from this group on where the community
> stands with the standardization of augmented PAKEs.
> 
> - Kevin
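
Added example (not part of either message above): the SCRAM-SHA-1 login computation from RFC 5802, the mechanism suggested in the reply, showing that the server stores only `StoredKey`/`ServerKey` and receives only a proof at login. The function names are illustrative, SASLprep normalization is omitted, and running `make_record` on the client at registration is an assumption, since RFC 5802 does not specify registration.

```python
import base64, hashlib, hmac

def hi(password: str, salt: bytes, iterations: int) -> bytes:
    # Hi() in RFC 5802 is PBKDF2 with HMAC-SHA-1 (SASLprep of the password omitted here).
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha1).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def make_record(password: str, salt: bytes, iterations: int) -> dict:
    """Assumed to run on the client at registration; the server stores only the result."""
    salted = hi(password, salt, iterations)
    return {"salt": salt, "i": iterations,
            "stored_key": hashlib.sha1(mac(salted, b"Client Key")).digest(),
            "server_key": mac(salted, b"Server Key")}

def client_proof(password: str, salt: bytes, iterations: int, auth_message: bytes) -> bytes:
    """Client side of login: ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    client_key = mac(hi(password, salt, iterations), b"Client Key")
    stored_key = hashlib.sha1(client_key).digest()
    return xor(client_key, mac(stored_key, auth_message))

def server_verify(record: dict, auth_message: bytes, proof: bytes):
    """Server side: recover ClientKey from the proof and compare its hash to StoredKey.
    Returns ServerSignature on success, None on failure."""
    client_key = xor(proof, mac(record["stored_key"], auth_message))
    if not hmac.compare_digest(hashlib.sha1(client_key).digest(), record["stored_key"]):
        return None
    return mac(record["server_key"], auth_message)

# Messages from the example exchange in RFC 5802 section 5 (user "user", password "pencil").
SALT = base64.b64decode("QSXCR+Q6sek8bf92")
AUTH_MESSAGE = ",".join([
    "n=user,r=fyko+d2lbbFgONRv9qkxdawL",                                       # client-first-message-bare
    "r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096",  # server-first-message
    "c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j",                     # client-final-without-proof
]).encode()

if __name__ == "__main__":
    record = make_record("pencil", SALT, 4096)
    proof = client_proof("pencil", SALT, 4096, AUTH_MESSAGE)
    print("p=" + base64.b64encode(proof).decode())
    print("v=" + base64.b64encode(server_verify(record, AUTH_MESSAGE, proof)).decode())
    print("wrong password accepted:", server_verify(
        record, AUTH_MESSAGE, client_proof("pencil2", SALT, 4096, AUTH_MESSAGE)) is not None)
```

Unlike a PAKE, a captured SCRAM exchange (salt, iteration count, `AuthMessage` and proof) is enough to test password guesses offline, so the exchange is normally run inside TLS.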