[Cfrg] 2^40. I can't exhibit it, but it exists. -> Re: I-D Action: draft-irtf-cfrg-dragonfly-03.txt
Paul Lambert <paul@marvell.com> Tue, 04 February 2014 08:05 UTC
Return-Path: <paul@marvell.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C2801A039E for <cfrg@ietfa.amsl.com>; Tue, 4 Feb 2014 00:05:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.566
X-Spam-Level:
X-Spam-Status: No, score=-1.566 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, IP_NOT_FRIENDLY=0.334, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mOXbC8uZUAqf for <cfrg@ietfa.amsl.com>; Tue, 4 Feb 2014 00:05:10 -0800 (PST)
Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by ietfa.amsl.com (Postfix) with ESMTP id 4247B1A039C for <cfrg@ietf.org>; Tue, 4 Feb 2014 00:05:10 -0800 (PST)
Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.14.5/8.14.5) with SMTP id s14857j7023175; Tue, 4 Feb 2014 00:05:07 -0800
Received: from sc-owa03.marvell.com ([199.233.58.149]) by mx0b-0016f401.pphosted.com with ESMTP id 1ht9vbj3w5-1 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Tue, 04 Feb 2014 00:05:07 -0800
Received: from SC-vEXCH2.marvell.com ([10.93.76.134]) by SC-OWA03.marvell.com ([fe80::4561:8e1c:d59b:f770%17]) with mapi; Tue, 4 Feb 2014 00:05:05 -0800
From: Paul Lambert <paul@marvell.com>
To: Watson Ladd <watsonbladd@gmail.com>
Date: Tue, 04 Feb 2014 00:05:03 -0800
Thread-Topic: 2^40. I can't exhibit it, but it exists. -> Re: [Cfrg] I-D Action: draft-irtf-cfrg-dragonfly-03.txt
Thread-Index: Ac8hf8/qKkaIxOGURdevsGykHSz3Tg==
Message-ID: <CF15D9D2.2E696%paul@marvell.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.3.9.131030
acceptlanguage: en-US
Content-Type: multipart/alternative; boundary="_000_CF15D9D22E696paulmarvellcom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.11.87, 1.0.14, 0.0.0000 definitions=2014-02-04_02:2014-02-03, 2014-02-04, 1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1305240000 definitions=main-1402030256
Cc: "cfrg@ietf.org" <cfrg@ietf.org>, David McGrew <mcgrew@cisco.com>
Subject: [Cfrg] 2^40. I can't exhibit it, but it exists. -> Re: I-D Action: draft-irtf-cfrg-dragonfly-03.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Feb 2014 08:05:11 -0000
> A proof might be desirable but should not block the use of a proposed protocol. > For example there is no adequate proof that integer factorization is “secure”. > This is not a reason to stop using RSA based algorithms. The lack of > a complete security proof for draft-irtf-cfrg-dragonfly-03.txt should not > stop it’s use (in fact it’s already in other standards that would benefit > from the analysis and improvements of this group). But there is a proof that OAEP has a reduction to RSA security. PKCS 1.5 had no proof, and got broken a few times. RSA has been intensively studied for decades, dragonfly hasn't. Slight variants of RSA (Rabin-Williams) are provably reducible to factoring, an extensively studied problem for centuries. You missed the point. The difficulty of factoring as a problem to build secure systems is not provable. . . . > Watson, in your technical analysis of the > protocol in its current form (draft-irtf-cfrg-dragonfly-03.txt), > can you identify any exploitable security flaw specific to > the protocol? Yes: an algorithm exists that guesses passwords in time 2^40. I can't exhibit it, but it exists. JPAKE doesn't have this issue. I will take your answer as a ‘no’ - you are unable to identify any exploitable security flaw with draft-irtf-cfrg-dragonfly-03.txt Making such repeated and adversarial negative pronouncements on a technical topic without documentation or your own demonstrable analysis would be considered by some to be unprofessional behavior. Paul
- Re: [Cfrg] 2^40. I can't exhibit it, but it exist… David McGrew
- [Cfrg] 2^40. I can't exhibit it, but it exists. -… Paul Lambert
- Re: [Cfrg] 2^40. I can't exhibit it, but it exist… Paul Lambert