Re: [Cfrg] OPAQUE at Facebook

david wong <davidwong.crypto@gmail.com> Wed, 28 August 2019 04:25 UTC

Return-Path: <davidwong.crypto@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2E2112081D for <cfrg@ietfa.amsl.com>; Tue, 27 Aug 2019 21:25:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.996
X-Spam-Level:
X-Spam-Status: No, score=-1.996 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uJ5PfkYsxxkl for <cfrg@ietfa.amsl.com>; Tue, 27 Aug 2019 21:25:48 -0700 (PDT)
Received: from mail-pf1-x434.google.com (mail-pf1-x434.google.com [IPv6:2607:f8b0:4864:20::434]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80293120807 for <cfrg@irtf.org>; Tue, 27 Aug 2019 21:25:48 -0700 (PDT)
Received: by mail-pf1-x434.google.com with SMTP id c81so800525pfc.11 for <cfrg@irtf.org>; Tue, 27 Aug 2019 21:25:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=QRgvJ/ZNzNPpGthXmpuZWKKn3db4F2NArFs4UyZp6BA=; b=VrsYVAb/jszDyqzZL7C9BqOzTznDZnIrb/K/5XoD9TUbgUhSbQDgEy1FVcwdpZBSoQ xsIMt1VsEkH+3lV/brUQIUY1AWazfTiRgs67bk/1NQcMOG0clPCIQ+7jG1IvIN+1TMIJ VAyptzNlmPLcSwHV2YrNvbh1GhCsCvyiGz/Cx4YV4UfNerOprjqelnYCT5AOM2FNUZ1r VSSQKqOK/mo4e/NQaIlI64/dw+XgJLWjHNcSlIz9+mRTWC8fgp0ThwemdXql4HNg0HXT 65RKyzoQMk6eFYir6kLyubHJF3JmMszezhEvm8Sd21gPU14qAP36mvuKTwvxxwLzTjPW YSFw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=QRgvJ/ZNzNPpGthXmpuZWKKn3db4F2NArFs4UyZp6BA=; b=XPtawg8ouRV5bubzPwRWa0qr6z+nPoRZCv7ZxzIGFchfUYWp4fLMwTIR9Wjq287vfQ DIIWAA9TvFKVcEIAvyIAqpu1lz9cm9EIbUVI5TTgeADf68jgTkbOpnU4qe79CxGoI8cQ 6hhuRSYkV26lek0phEckcwZGW57cJZY2wSMCAsHtTWsiGCZ4HNl4wQ3Reboc3oeo+OuT wGhEmRQXduVUG0Y3FTiqhHdnbyMN/6AF//W0zXc1TR9mYLW4HZSQvFesjtSRgI3K7nDq In5qNL6syMc2N9DiQnJ1Tc15cqiKMZl4ibUGyVWBFLLw2ICiVB7bl6w3v4lzivNqfV4O lwnA==
X-Gm-Message-State: APjAAAWch1LSGaisQiF50zMa6NB5c7pNdA2MNLigZADH+0dHEEoA4VI9 XYbOM3+qJJyxSFoM150M45vCjziN
X-Google-Smtp-Source: APXvYqyvWplQTeprxWTlftk6OkSOD/GnH9UpnNoaBmF/X7Ugp7R/XUfsFjKpbQ0aUcs4Jz7e4tYnkg==
X-Received: by 2002:a63:c70d:: with SMTP id n13mr1708736pgg.171.1566966347258; Tue, 27 Aug 2019 21:25:47 -0700 (PDT)
Received: from ?IPv6:2601:645:4000:7a8a:3964:d0aa:294f:efa3? ([2601:645:4000:7a8a:3964:d0aa:294f:efa3]) by smtp.gmail.com with ESMTPSA id e3sm755328pjr.9.2019.08.27.21.25.46 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 27 Aug 2019 21:25:46 -0700 (PDT)
Content-Type: multipart/alternative; boundary=Apple-Mail-DDDC3E79-FE62-4918-AB3F-24D5F2C8AC73
Mime-Version: 1.0 (1.0)
From: david wong <davidwong.crypto@gmail.com>
X-Mailer: iPhone Mail (16G77)
In-Reply-To: <VI1PR0501MB225546F17933D62CA6587CF183A30@VI1PR0501MB2255.eurprd05.prod.outlook.com>
Date: Tue, 27 Aug 2019 21:25:45 -0700
Cc: Bill Cox <waywardgeek@gmail.com>, Kevin Lewi <klewi@cs.stanford.edu>, IRTF CFRG <cfrg@irtf.org>
Content-Transfer-Encoding: 7bit
Message-Id: <BCA185D1-1830-4CC7-80FF-0D6B4BE62497@gmail.com>
References: <CACitvs_9SoZaG-0ZVNsGgcXJdadYHULVYEOH7VAQFf-VeSwm8Q@mail.gmail.com> <CAOLP8p64=JRL9nsb+trdowxniBaxmd3yxp=cMX-4BkdM6t0+Xg@mail.gmail.com> <VI1PR0501MB225546F17933D62CA6587CF183A30@VI1PR0501MB2255.eurprd05.prod.outlook.com>
To: =?utf-8?Q?Bj=C3=B6rn_Haase?= <bjoern.haase@endress.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/q7ptpufvrjmAjN9V4m0ahl3Wwlk>
Subject: Re: [Cfrg] OPAQUE at Facebook
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Aug 2019 04:25:51 -0000

What about balloon hashing? It's compactness is very attractive. 

David

> On Aug 27, 2019, at 8:18 PM, Björn Haase <bjoern.haase@endress.com>; wrote:
> 
> Hi to all,
>  
> as one of the ones who nominated a candidate for augmented PAKE (AuCPace) I can confirm that the CFRG reviewers are presently very active and reviewing e.g. the proof strategies in detail. I agree that memory-hard password hashing should be used (in my proposal, I have suggested scrypt, but Argon2 is also a decent choice).
>  
> I also agree that we should really have a standardized protocol that mandates use of strong password hashes also for applications such as social media.
>  
> Yours,
>  
> Björn.
>  
> Von: Cfrg <cfrg-bounces@irtf.org>; Im Auftrag von Bill Cox
> Gesendet: Mittwoch, 28. August 2019 02:47
> An: Kevin Lewi <klewi@cs.stanford.edu>;
> Cc: IRTF CFRG <cfrg@irtf.org>;
> Betreff: Re: [Cfrg] OPAQUE at Facebook
>  
> It would be great to hear from this group on where the community
> stands with the standardization of augmented PAKEs.
> 
> - Kevin
> 
>  
> I, for one, would say great minds think alike :)  The OPAQUE RFC could use some tweeks, but looks pretty strong, IMO.  For example  they're recommendation of iterating a password hash should be replaced with calling Argon2.  Note that Argon2 runs pretty fast in browsers that support web assembly.  Password hashing has to be done client-side in OPAQUE, with the possible exception of using Makwa delegated hashing possibly in paraallel with the OPRF round-trip.
> 
> Mit freundlichen Grüßen I Best Regards
> 
> Dr. Björn Haase
> 
> Senior Expert Electronics | TGREH Electronics Hardware
> Endress+Hauser Conducta GmbH+Co.KG | Dieselstrasse 24 | 70839 Gerlingen | Germany
> Phone: +49 7156 209 377 | Fax: +49 7156 209 221
> bjoern.haase@endress.com | www.conducta.endress.com 
> 
> Endress+Hauser Conducta GmbH+Co.KG
> Amtsgericht Stuttgart HRA 201908
> Sitz der Gesellschaft: Gerlingen
> Persönlich haftende Gesellschafterin:
> Endress+Hauser Conducta
> Verwaltungsgesellschaft mbH
> Sitz der Gesellschaft: Gerlingen
> Amtsgericht Stuttgart HRA 201929
> Geschäftsführer: Dr. Manfred Jagiella
> 
> Gemäss Datenschutzgrundverordnung sind wir verpflichtet, Sie zu informieren, wenn wir personenbezogene Daten von Ihnen erheben.
> 
> Dieser Informationspflicht kommen wir mit folgendem Datenschutzhinweis nach.
> 
>  
> 
> Disclaimer:
> 
> The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged
> material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities
> other than the intended recipient is prohibited. If you receive this in error, please contact the sender and delete the material from any computer.
> This e-mail does not constitute a contract offer, a contract amendment, or an acceptance of a contract offer unless explicitly and conspicuously designated or stated as such.
> 
>  
> 
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg