Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG document

"Dan Harkins" <> Mon, 15 December 2014 18:55 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 84F081A875A for <>; Mon, 15 Dec 2014 10:55:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.867
X-Spam-Status: No, score=-3.867 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 4ATDid1EVi-n for <>; Mon, 15 Dec 2014 10:55:32 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 8D4231A8748 for <>; Mon, 15 Dec 2014 10:55:32 -0800 (PST)
Received: from (localhost []) by (Postfix) with ESMTP id EF772A888132; Mon, 15 Dec 2014 10:55:31 -0800 (PST)
Received: from (SquirrelMail authenticated user by with HTTP; Mon, 15 Dec 2014 10:55:32 -0800 (PST)
Message-ID: <>
In-Reply-To: <>
References: <> <>
Date: Mon, 15 Dec 2014 10:55:32 -0800
From: Dan Harkins <>
To: Yoav Nir <>
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Cc: "" <>
Subject: Re: [Cfrg] Adoption of draft-ladd-spake2 as a RG document
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 15 Dec 2014 18:55:33 -0000

On Mon, December 15, 2014 3:16 am, Yoav Nir wrote:
> But I would really like to know who needs a PAKE right now. PAKEs require
> the server to store the cleartext password or a password equivalent,
> creating a security issue that is potentially worse than sending cleartext
> passwords through authenticated channels (as in form-based or basic
> authentication to a TLS-protected server)

  Augmented PAKEs do not require a cleartext password. And any
scheme that sent a cleartext password over a TLS connection would
also require "the server to store the cleartext password" so it's not clear
how using a PAKE is "potentially worse".

  The need is illustrated by the fact that the "do not verify server
certificate" or "continue with exchange, I know what I'm doing" check
box exists. In other words, its needed because an authenticated
channel is not a given. Another need can be described by the ever
popular "Use your Facebook credentials to log in", how many people
do you think do? Also, passwords are simple to use and TLS is very
convenient but the world is not all browsers. Furthermore, in the
scheme you are describing there is no guarantee that cleartext
password verification is done on the same box that terminates TLS,
providing another potential for problems.

  Security should be easy to use correctly and hard to use incorrectly.
PAKEs are misuse resistant and they make it hard to use passwords