Re: [CFRG] Attack on a Real World SPAKE2 Implementation
steve@tobtu.com Fri, 07 May 2021 15:45 UTC
Date: Fri, 07 May 2021 10:45:41 -0500
From: steve@tobtu.com
To: Ruben Gonzalez <in+lists@ruben-gonzalez.de>, cfrg@irtf.org
Cc: rixxc@redrocket.club
Message-ID: <736794875.32663.1620402341358@email.ionos.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/JYIUts7Den0rZOUgRxJFByywumw>
My guess is they got M and N wrong.

Ah, they got M and N wrong, oh and [redacted]... wait, they didn't fix [redacted]. This is still broken.

OK I guess it's theoretically broken: 5 racks of computers break a PAKE exchange on average every 4 days. There's a better method but I don't think it works in this case.

P.S. I sent him an email. So it should be fixed soon.

> On 05/07/2021 2:24 AM Ruben Gonzalez <in+lists@ruben-gonzalez.de> wrote:
>
>
> Hello CFRGers,
>
> this is my first time posting on the mailing list. In case this is the
> wrong place for such a message, I apologize.
>
> Aaron Kaiser (in CC) and I wrote a detailed blog post about a
> vulnerability Aaron found in a real world SPAKE2 implementation.
>
> The blog post "Croc Full Plaintext Recovery - CVE-2021-31603" can be
> found here: https://redrocket.club/posts/croc/.
>
> We did not attack SPAKE2 directly, but a faulty implementation. The blog
> post might still be relevant for authors of the standard, since it shows
> how developers can easily misunderstand it.
>
> For questions or additional information, just drop us an email.
>
> Kind regards,
>
> Ruben Gonzalez
>
> _______________________________________________
> CFRG mailing list
> CFRG@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg
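The requirement behind "they got M and N wrong" is that SPAKE2's two fixed points M and N must be group elements whose discrete logarithms with respect to the generator G nobody knows. If either one is a known multiple of G, an active attacker who plays one side of a single exchange can afterwards test password guesses offline against the other side's key-confirmation tag, which is exactly the property a PAKE exists to rule out. The Python below is an added example written for this page; it is not code from croc, from the redrocket blog post, or from the CFRG draft. It implements SPAKE2 over edwards25519 with plain affine arithmetic, derives M and N by a hypothetical hash-to-y-then-clear-cofactor method (the draft publishes specific constants; these are not them), simplifies w to a hash of the password instead of a memory-hard function, and uses a transcript layout and HMAC confirmation tag of its own choosing. After the honest exchange it shows the general offline dictionary attack that opens up when N is replaced by 3*G, a point with a public discrete log; that is a property of SPAKE2 with bad constants, not a description of what the croc bug was.

```python
"""SPAKE2 over edwards25519 (added example; not croc's or the draft's code).
Assumed: hypothetical hash-derived M and N (not the draft's constants),
w = plain hash of the password, example-specific transcript and HMAC tag."""
import hashlib
import hmac
import secrets

P = 2**255 - 19                                        # field prime
L = 2**252 + 27742317777372353535851937790883648493    # order of G
COFACTOR = 8
D = (-121665 * pow(121666, P - 2, P)) % P              # curve constant d
SQRT_M1 = pow(2, (P - 1) // 4, P)                      # sqrt(-1) mod P
ID = (0, 1)                                            # neutral element

def _inv(a):
    return pow(a, P - 2, P)

def _add(a, b):
    """Affine twisted-Edwards addition with a = -1."""
    (x1, y1), (x2, y2) = a, b
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + x2 * y1) * _inv(1 + t) % P,
            (y1 * y2 + x1 * x2) * _inv(1 - t) % P)

def _mul(k, pt):
    acc = ID
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt, k = _add(pt, pt), k >> 1
    return acc

def _neg(pt):
    return ((-pt[0]) % P, pt[1])

def _on_curve(pt):
    x, y = pt
    return (-x * x + y * y - 1 - D * x * x * y * y) % P == 0

def _x_from_y(y):
    """Even x with -x^2 + y^2 = 1 + d x^2 y^2, or None if y is not on the curve."""
    xx = (y * y - 1) * _inv(D * y * y + 1) % P
    x = pow(xx, (P + 3) // 8, P)
    if (x * x - xx) % P:
        x = x * SQRT_M1 % P
    if (x * x - xx) % P:
        return None
    return P - x if x & 1 else x

def _enc(pt):
    """RFC 8032 encoding: y with the parity of x in the top bit."""
    return (pt[1] | ((pt[0] & 1) << 255)).to_bytes(32, "little")

G = (_x_from_y(4 * _inv(5) % P), 4 * _inv(5) % P)       # RFC 8032 base point

def hash_to_point(label):
    """Hypothetical nothing-up-my-sleeve derivation: the point comes out of a
    hash, so nobody (including the author) learns its discrete log."""
    for ctr in range(256):
        y = int.from_bytes(hashlib.sha512(label + bytes([ctr])).digest()[:32], "little") % P
        x = _x_from_y(y)
        if x is not None:
            pt = _mul(COFACTOR, (x, y))                  # land in the prime-order subgroup
            if pt != ID:
                return pt
    raise RuntimeError("no point found for label")

M = hash_to_point(b"SPAKE2 M")
N = hash_to_point(b"SPAKE2 N")

def pw_to_w(password):
    """Simplification: the draft applies a memory-hard function first."""
    return int.from_bytes(hashlib.sha512(b"spake2-w" + password).digest(), "little") % L

def start(w, mask_point):
    """A sends X = xG + wM, B sends Y = yG + wN. Returns (secret scalar, message)."""
    r = secrets.randbelow(L - 1) + 1
    return r, _add(_mul(r, G), _mul(w, mask_point))

def finish(r, w, peer_mask_point, peer_msg):
    """K = h * r * (peer_msg - w * peer_mask_point); rejects off-curve input."""
    if not _on_curve(peer_msg):
        raise ValueError("peer message is not on the curve")
    return _mul(COFACTOR * r, _add(peer_msg, _neg(_mul(w, peer_mask_point))))

def derive_keys(id_a, id_b, X, Y, K, w):
    """(Ke, Ka) = H(len||A || len||B || len||X || len||Y || len||K || len||w)."""
    tt = b"".join(len(f).to_bytes(8, "little") + f for f in
                  (id_a, id_b, _enc(X), _enc(Y), _enc(K), w.to_bytes(32, "little")))
    h = hashlib.sha256(tt).digest()
    return h[:16], h[16:]

def confirm_tag(ka, who):
    return hmac.new(ka, b"confirm-" + who, hashlib.sha256).digest()

def honest_session(password, M_pt=M, N_pt=N):
    """Both sides know the password; True when they derive the same keys."""
    w = pw_to_w(password)
    x, X = start(w, M_pt)
    y, Y = start(w, N_pt)
    Ka = finish(x, w, N_pt, Y)                           # A: h*x*(Y - wN) = h*x*y*G
    Kb = finish(y, w, M_pt, X)                           # B: h*y*(X - wM) = h*x*y*G
    return derive_keys(b"A", b"B", X, Y, Ka, w) == derive_keys(b"A", b"B", X, Y, Kb, w)

def attack_with_known_log(guesses, X, Y, y_star, n, M_pt, tag_a):
    """Attacker played B with Y = y*G and knows n = log_G(N). Per guess: strip
    wM from X to get xG, rebuild A's K = h*(y* - w*n)*xG, test the tag offline."""
    for pw in guesses:
        w = pw_to_w(pw)
        xG = _add(X, _neg(_mul(w, M_pt)))
        K = _mul(COFACTOR * ((y_star - w * n) % L), xG)
        _, ka = derive_keys(b"A", b"B", X, Y, K, w)
        if hmac.compare_digest(confirm_tag(ka, b"A"), tag_a):
            return pw
    return None

def demo_weak_constants(guesses=(b"letmein", b"hunter2", b"correct horse")):
    """Deliberate misuse: N = 3*G, so log_G(N) is public. Returns the password
    recovered from a single run against an honest A (constructed data)."""
    n = 3
    N_weak = _mul(n, G)
    w = pw_to_w(b"hunter2")                               # A's real password
    x, X = start(w, M)
    y_star = secrets.randbelow(L - 1) + 1                 # attacker knows no password
    Y = _mul(y_star, G)
    K = finish(x, w, N_weak, Y)
    _, ka = derive_keys(b"A", b"B", X, Y, K, w)
    return attack_with_known_log(guesses, X, Y, y_star, n, M, confirm_tag(ka, b"A"))
```

`honest_session(b"pw")` returns True with the hash-derived constants, and `demo_weak_constants()` returns `b"hunter2"` after one interaction, with no further contact with A, which is the offline dictionary attack SPAKE2 is supposed to prevent. The attack only needs the discrete log of the constant on the side the attacker impersonates (n here, m if it impersonates A), so both points have to be unforgeable; an implementation that derives either one from a chosen scalar, reuses the same point for both roles, or lets the peer influence it hands the attacker that scalar. When auditing a SPAKE2 implementation, compare the encoded M and N byte-for-byte against the draft's published values rather than trusting that "some fixed point" was used.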