[CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13
"Riad S. Wahby" <riad@cmu.edu> Fri, 24 May 2024 14:52 UTC
Return-Path: <rswatjfet.org@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AEF0C1C3D4A for <cfrg@ietfa.amsl.com>; Fri, 24 May 2024 07:52:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.649
X-Spam-Level:
X-Spam-Status: No, score=-1.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XZWF6cXRVOop for <cfrg@ietfa.amsl.com>; Fri, 24 May 2024 07:51:59 -0700 (PDT)
Received: from mail-oi1-f169.google.com (mail-oi1-f169.google.com [209.85.167.169]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 53AC3C1E0D77 for <cfrg@irtf.org>; Fri, 24 May 2024 07:51:59 -0700 (PDT)
Received: by mail-oi1-f169.google.com with SMTP id 5614622812f47-3c99aec9598so3908961b6e.0 for <cfrg@irtf.org>; Fri, 24 May 2024 07:51:59 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1716562318; x=1717167118; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=erLgByL8hJ8WEm4gE++af6skEEWubN20EtqbdSxawhI=; b=CrK3M883eEAP76ZGn0FuctXCGy8NMcCu4nBzNRkJLTSSrTx6orpsVC3JV4u01E+LHj pX1N997I0SyAlwx1z9hJFfDFauwR8quin+YkL0hVX/2IULXncstQnz7syuteTTSufsY2 CDKp4rqyCWpcOvq05tkYh3RQ5x5rEbQgMPJYenuBFsKYzVrejiZ7bQncDzNlCsuOlvkr y/Mv1wc5XCF2yeayIFuXjWaWq6Pn0FYrA4yW74TKQCnRyODqUn1I+74jJREvPay5s+FS mltOBjjkUR1zexy4VmoVTCVpv/A7/68YzcMJqZxd/voYHQyrZDa4J4X+jWlInbVXCGzr 0BMQ==
X-Forwarded-Encrypted: i=1; AJvYcCUEUuOcPb/Tfr7r0AD5FW1EDS3/dbxgIk4IHBR7hapGfegy3iECmdP/kqgfYZT71aFFK1lwCxi0QqWwh0mD
X-Gm-Message-State: AOJu0Yzmwao5dqjPuNH4CkttYXgTYCY7IKVCi/587rsK4E/M2Ey4pUFz BiHDxRtlgmbYtEQ2hkN+ZdT1IvB7fI+s06NYMDSwowNuIRvTVSdzcwFQiQ==
X-Google-Smtp-Source: AGHT+IGA4BwVrGnbfm/5G5HjGpfqz/8Gy7rmd/Fp4Lf4Tm56CI8N9+s8lUtCB289PyeSPgxHJJ+6Ug==
X-Received: by 2002:a05:6808:11c7:b0:3c7:41ba:102f with SMTP id 5614622812f47-3d1a63f2e0fmr2802530b6e.34.1716562318337; Fri, 24 May 2024 07:51:58 -0700 (PDT)
Received: from localhost ([71.116.60.198]) by smtp.gmail.com with ESMTPSA id af79cd13be357-794abca84e7sm70181685a.23.2024.05.24.07.51.57 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Fri, 24 May 2024 07:51:58 -0700 (PDT)
Date: Fri, 24 May 2024 10:51:57 -0400
From: "Riad S. Wahby" <riad@cmu.edu>
To: "Hao, Feng" <Feng.Hao@warwick.ac.uk>
Message-ID: <2dhbnlfzwgllzqc7farahxqkct3zqcoi7wdj7vybivlzzwxrei@e7phsvy5i6ae>
References: <CADi0yUNbiVTe9BaoCFgDaTC06Z1LMAx6q2hJDiWydpy6xFqtRQ@mail.gmail.com> <GV1PR01MB8436B6B6B75DEBC9F1FB30A9D6EA2@GV1PR01MB8436.eurprd01.prod.exchangelabs.com> <CADi0yUNCkk8Y5dQJH6DjR33cP7KXXrQsmHfA0UDRxjGuoXCaLA@mail.gmail.com> <GV1PR01MB8436DBCC8F5B167B0B44490AD6EA2@GV1PR01MB8436.eurprd01.prod.exchangelabs.com> <CADi0yUPcyc9oSM4NqWynkWuTPStnD9yqt4XwmAg7c=XjCtik4A@mail.gmail.com> <GV1PR01MB84364908B61E293E46012214D6EB2@GV1PR01MB8436.eurprd01.prod.exchangelabs.com> <CADi0yUOtSBmCnQMP-MoyzzxF6LZQcrKfo03sN2cNuO6MS74NAg@mail.gmail.com> <GV1PR01MB84361129416DC8B621CAAEDFD6F42@GV1PR01MB8436.eurprd01.prod.exchangelabs.com> <y5y4iquyvrao7jtpyc2ycjtz4sg5dbzhrhddz5j6rv3eydyd2o@zy65yreteuoh> <GV1PR01MB8436B919FE24E2E022639155D6F52@GV1PR01MB8436.eurprd01.prod.exchangelabs.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <GV1PR01MB8436B919FE24E2E022639155D6F52@GV1PR01MB8436.eurprd01.prod.exchangelabs.com>
Message-ID-Hash: 5ZR72YHNIHYXU3KNVI4IWPDFLI7YY3C2
X-Message-ID-Hash: 5ZR72YHNIHYXU3KNVI4IWPDFLI7YY3C2
X-MailFrom: rswatjfet.org@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cfrg.irtf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Kevin Lewi <lewi.kevin.k@gmail.com>, IRTF CFRG <cfrg@irtf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Owner: <mailto:cfrg-owner@irtf.org>
List-Post: <mailto:cfrg@irtf.org>
List-Subscribe: <mailto:cfrg-join@irtf.org>
List-Unsubscribe: <mailto:cfrg-leave@irtf.org>
Hello Feng, "Hao, Feng" <Feng.Hao@warwick.ac.uk> wrote: > @Riad, please note that the undetectable online dictionary attack is > different from the (standard) online dictionary attack. The "completely > standard attack detection heuristic" applies to the latter only. This is false. Your "undetectable online dictionary attack" is just a marketing term that's used to make a minor optimization sound important. Of course it's detectable, and in exactly the same way that all online attacks are detectable: the server just counts all authentication attempts against the rate limit, whether they drop out before completion or not. As I previously argued, that's the correct behavior no matter which PAKE you use; it completely dispenses with your "undetectable" attack; and by the way it is already standard practice. If there's something to be added to the Security Considerations of OPAQUE (and indeed, any PAKE document), it's just this: authentication attempts must be strictly rate limited because passwords are subject to guessing. That's been the completely standard advice roughly forever, but it doesn't hurt to remind the reader lest they become confused by silly marketing. Let's please stop flogging this dead horse. The concern trolling over easily detected "undetectable" attacks has long since become embarrassing. -=rsw
- [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Stanislav V. Smyshlyaev
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Russ Housley
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Stanislav V. Smyshlyaev
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 steve
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Stanislav V. Smyshlyaev
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Stanislav V. Smyshlyaev
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Stefan Santesson
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Riad S. Wahby
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 stef
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Riad S. Wahby
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 stefan marsiske
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Riad S. Wahby
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Campagna, Matthew
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Stanislav V. Smyshlyaev
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 steve
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 steve
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- Re: [CFRG] RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Watson Ladd
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Eric Rescorla
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Eric Rescorla
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hugo Krawczyk
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Eric Rescorla
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Hao, Feng
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Watson Ladd
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Christopher Patton
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Christopher Patton
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Kevin Lewi
- [CFRG] Re: RGLC on draft-irtf-cfrg-opaque-13 Stanislav V. Smyshlyaev