Re: [Cfrg] OPAQUE at Facebook

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Wed, 28 August 2019 13:46 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84BAB120059 for <cfrg@ietfa.amsl.com>; Wed, 28 Aug 2019 06:46:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Oa34inVugTub for <cfrg@ietfa.amsl.com>; Wed, 28 Aug 2019 06:46:46 -0700 (PDT)
Received: from mail-ot1-x336.google.com (mail-ot1-x336.google.com [IPv6:2607:f8b0:4864:20::336]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A44D1120041 for <cfrg@irtf.org>; Wed, 28 Aug 2019 06:46:46 -0700 (PDT)
Received: by mail-ot1-x336.google.com with SMTP id c34so2794971otb.7 for <cfrg@irtf.org>; Wed, 28 Aug 2019 06:46:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=qMiYTtkLwl16U98wYK4muvYn8Wg5W3H79PzJDKL6Okk=; b=WTekFJ8Bzm1ArMJF/jXIxthWZBrBwq3L4VFmTpmSD88QkpPH6Mt69tC/MkBB92FTsI OOuUDnwa2UFGd+t5AIaHiERdUf1fwqaVAk0dzl/pMOoMrjJhqvLA90icaSIXMuynx/f5 vDDM2Nn8NlATgFjvkcCuXjgqLEgAD8XDJyit1hk+kystd/bbj3mJQ1D8GEgLu4P+dNWz ipbuvu+muIDPc37exM5Uco57YwRfo1yoNAdS1f4710mTLpEPQeUUPbExUr77Qib3TEfp VyPVRHC6TdjPohbHApvkiOtqRtMO1HvUflAYx86IZxNgPVEFZ3rr7MC6xjiuR5Vm58ex mG2w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=qMiYTtkLwl16U98wYK4muvYn8Wg5W3H79PzJDKL6Okk=; b=PGp2Bp23b3GTXA6Cs9rqqC28LW/kCnJrULc5OvEfdl6iKIy0DVuVUqqSSXldQj1vpH PolN4kgwFoTXLAz/RUDYv7HdeiDkJyTFWDXxevkxVB5wQyQZb8tG+K9nrwQjnHFLtKAw p5/4HNz8JKo8PAaYCtwmmGm3VAqQ+KGyj98CY3r3IXhY5LhKGXJj0Af+ss+DnDQqqo4D tXzla4adzx1wME9nJi+hiykMDYSpX96vHIowCAElAIFF2OPNLWt32FAnNWJ9PJZBrztF zkS14GtebxTAxFHJOW/HmqtfZ0SbLNVL1HCmBwRLgi0WrHKn62HJpuZwszYGn4tZZdhb F1Gw==
X-Gm-Message-State: APjAAAUau9CzZ87XXKTnBEEZC7AokZ/5K2+RNSdLMoWJFfc/kNOabQUG Kuu3ra6dFOpDycWf9st6wz5Wh7rdt3zs+qmbNYU=
X-Google-Smtp-Source: APXvYqwK8Du/q/wCY9xMAMJC05LIrFZqKCvf6diSCYRMJyJZNSuSb1+tlEvcsFtgfteGaoiIPjdUb6vjXgunPlcOm58=
X-Received: by 2002:a05:6830:1611:: with SMTP id g17mr3307159otr.224.1567000006089; Wed, 28 Aug 2019 06:46:46 -0700 (PDT)
MIME-Version: 1.0
References: <CACitvs_9SoZaG-0ZVNsGgcXJdadYHULVYEOH7VAQFf-VeSwm8Q@mail.gmail.com> <631A3394-A17D-4414-8CDE-DBED231818E3@gmail.com>
In-Reply-To: <631A3394-A17D-4414-8CDE-DBED231818E3@gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Wed, 28 Aug 2019 09:46:10 -0400
Message-ID: <CAHbuEH7zg-9DKFS=p1LeR23pmGrxBzq_PP-WbdyD74At8UpSvA@mail.gmail.com>
To: Neil Madden <neil.e.madden@gmail.com>
Cc: Kevin Lewi <klewi@cs.stanford.edu>, cfrg@irtf.org
Content-Type: multipart/alternative; boundary="000000000000b9f39005912d9e15"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/rQx8GiRBt7iEa0MycWqfigdh_so>
Subject: Re: [Cfrg] OPAQUE at Facebook
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Aug 2019 13:46:49 -0000

On Wed, Aug 28, 2019 at 2:15 AM Neil Madden <neil.e.madden@gmail.com> wrote:

> Do you need a PAKE for this? Wouldn’t something like SCRAM (
> https://tools.ietf.org/html/rfc5802) suffice?
>

Or HOBA https://tools.ietf.org/html/rfc7486.  Both were experimental drafts
in HTTP-bis looking to solve the password problem.  HOBA also worried about
it on the server side and uses raw public keys to eliminate use of
passwords.

-Kathleen


> — Neil
>
> On 27 Aug 2019, at 23:05, Kevin Lewi <klewi@cs.stanford.edu> wrote:
>
> Hi all,
>
> At Facebook, we are currently evaluating various methods for improving
> the handling of plaintext user passwords server-side, and one proposal
> which has caught our interest is using an augmented PAKE like OPAQUE
> to completely avoid having the plaintext password sent (over TLS) to
> the server during user login and account registration. Our primary
> motivation is to prevent prior incidents involving the storing of
> plaintext passwords due to logging bugs from ever happening again.
>
> It is true that we do not need a cryptographic solution to avoid
> logging plaintext passwords, and indeed, we have considered a myriad
> of solutions to prevent such logging, including automated detection
> mechanisms which regularly scan our data warehouse for plaintext
> passwords. Of course, not having access to the plaintext password via
> an augmented PAKE is not only a much cleaner solution, but it also
> provides better guarantees. As a result, we have started to look into
> what it would take to implement OPAQUE as an alternative login
> mechanism for specific apps and supported devices.
>
> This problem is also not specific to Facebook -- in the past two
> years, Github, Twitter, Google, Robinhood, and Coinbase have all
> reported a similar problem of accidentally logging plaintext
> passwords.
>
> It would be great to hear from this group on where the community
> stands with the standardization of augmented PAKEs.
>
> - Kevin
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> https://www.irtf.org/mailman/listinfo/cfrg
>


-- 

Best regards,
Kathleen