Re: [Cfrg] [saag] New draft: Hashed Password Exchange
"Dan Harkins" <dharkins@lounge.org> Sat, 07 January 2012 09:03 UTC
Return-Path: <dharkins@lounge.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D3BB21F8572 for <cfrg@ietfa.amsl.com>; Sat, 7 Jan 2012 01:03:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.147
X-Spam-Level:
X-Spam-Status: No, score=-5.147 tagged_above=-999 required=5 tests=[AWL=-0.082, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, J_CHICKENPOX_44=0.6, J_CHICKENPOX_48=0.6, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wz8iv5FfC76l for <cfrg@ietfa.amsl.com>; Sat, 7 Jan 2012 01:03:29 -0800 (PST)
Received: from colo.trepanning.net (colo.trepanning.net [69.55.226.174]) by ietfa.amsl.com (Postfix) with ESMTP id 12BA321F8570 for <cfrg@irtf.org>; Sat, 7 Jan 2012 01:03:26 -0800 (PST)
Received: from www.trepanning.net (localhost [127.0.0.1]) by colo.trepanning.net (Postfix) with ESMTP id 671131022404A; Sat, 7 Jan 2012 01:03:25 -0800 (PST)
Received: from 69.12.173.8 (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Sat, 7 Jan 2012 01:03:25 -0800 (PST)
Message-ID: <1c680c52d4a354cdeda0a39e9cc47d32.squirrel@www.trepanning.net>
In-Reply-To: <95A30BC1-F5F8-4937-AE41-08BF92B5BBB5@cs.columbia.edu>
References: <583849CD-D0AD-4792-8894-04598898BA0F@cs.columbia.edu> <4F04D0CD.9010807@isi.edu> <95A30BC1-F5F8-4937-AE41-08BF92B5BBB5@cs.columbia.edu>
Date: Sat, 07 Jan 2012 01:03:25 -0800
From: Dan Harkins <dharkins@lounge.org>
To: Steven Bellovin <smb@cs.columbia.edu>
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Cc: cfrg@irtf.org, saag@ietf.org
Subject: Re: [Cfrg] [saag] New draft: Hashed Password Exchange
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Jan 2012 09:03:29 -0000
On Wed, January 4, 2012 2:56 pm, Steven Bellovin wrote: > Good point; let me think about it for -01. An obvious solution is to send > the hostname with the effective password. How is that different than using random salt then? If _something_ is going to be sent shouldn't it be a uniformly random bitstring instead of a hostname? A uniformly random bitstring would be more appropriate as a key to HMAC than a highly structured string like a password too. Iterate HMAC(salt, password | service-URI) instead of HMAC(password, service-URI). That said, goal 4 in the draft-- "By iterating a sufficient number of times, dictionary attacks can be made arbitrarily expensive"-- seems a bit misguided. The Amazon cloud service has been used to launch an off-line dictionary attack against the WPA-PSK protocol which uses PBKDF2 (HMAC-SHA1) with 4096 iterations to obfuscate a password. This attack checks 24,000,000 candidate passwords per minute at a cost of $0.28. That's more than 1,600,000,000 iterations per second for about 1/2 a cent. So I don't think increased iteration makes dictionary attacks much more expensive. Which begs the question, how is this proposal different than PBKDF2? That the "salt" is a service URI? regards, Dan. > On Jan 4, 2012, at 5:21 01PM, Joe Touch wrote: > >> Hi, Steve, >> >> This doc doesn't appear to address the case where a host has multiple >> DNS names, which could make it difficult to incorporate the hostname >> into the transform. I.e., I could contact a mail server at an IP address >> that represents any of dozens of DNS names - how does the server know >> which one I used so it can match without exhaustively trying all its >> equivalent names? >> >> Joe >> >> On 1/4/2012 1:41 PM, Steven Bellovin wrote: >>> I'd appreciate comments on my new draft, draft-bellovin-hpw-00.txt: >>> >>> Abstract >>> >>> Many systems (e.g., cryptographic protocols relying on symmetric >>> cryptography) require that plaintext passwords be stored. Given how >>> often people reuse passwords on different systems, this poses a very >>> serious risk if a single machine is compromised. We propose a >>> scheme >>> to derive passwords limited to a single machine from a typed >>> password, and explain how a protocol definition can specify this >>> scheme. >>> >>> >>> --Steve Bellovin, https://www.cs.columbia.edu/~smb >>> >>> >>> >>> >>> >>> _______________________________________________ >>> saag mailing list >>> saag@ietf.org >>> https://www.ietf.org/mailman/listinfo/saag >> > > > --Steve Bellovin, https://www.cs.columbia.edu/~smb > > > > > > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag >
- [Cfrg] New draft: Hashed Password Exchange Steven Bellovin
- Re: [Cfrg] [saag] New draft: Hashed Password Exch… Steven Bellovin
- Re: [Cfrg] [saag] New draft: Hashed Password Exch… Steven Bellovin
- Re: [Cfrg] [saag] New draft: Hashed Password Exch… Yaron Sheffer
- Re: [Cfrg] [saag] New draft: Hashed Password Exch… Blumenthal, Uri - 0668 - MITLL
- Re: [Cfrg] [saag] New draft: Hashed Password Exch… Dan Harkins
- [Cfrg] 答复: Re: [saag] New draft: Hashed Password … zhou.sujing
- [Cfrg] 答复: Re: [saag] New draft: Hashed Password … zhou.sujing
- Re: [Cfrg] 答复: Re: [saag] New draft: Hashed Passw… Blumenthal, Uri - 0668 - MITLL
- Re: [Cfrg] 答复: Re: [saag] New draft: Hashed Passw… Rose, Greg
- Re: [Cfrg] 答复: Re: [saag] New draft: Hashed Passw… Blumenthal, Uri - 0668 - MITLL
- [Cfrg] 答复: Re: 答复: Re: [saag] New draft: Hashed P… zhou.sujing
- Re: [Cfrg] ´ð¸´: Re: ´ð¸´: Re: [saag] New draft: … Dan Harkins
- Re: [Cfrg] ´ð¸´: Re: ´ð¸´: Re: [saag] New draft: … Steven Bellovin
- Re: [Cfrg] 答复: Re: [saag] New draft: Hashed Passw… Igoe, Kevin M.
- Re: [Cfrg] 答复: Re: [saag] New draft: Hashed Passw… Blumenthal, Uri - 0668 - MITLL
- Re: [Cfrg] ´ð¸´: Re: ´ð¸´: Re: [saag] New draft: … Henry B. Hotz
- Re: [Cfrg] [saag] New draft: Hashed Password Exch… Yaron Sheffer
- Re: [Cfrg] [saag] New draft: Hashed Password Exch… Steven Bellovin
- [Cfrg] 答复: Re: ´ð¸´: Re: ´ð¸´: Re: [saag] New dra… zhou.sujing
- Re: [Cfrg] 答复: Re: ´ð¸´: Re: ´ð¸´: Re: [saag] New… Steven Bellovin
- Re: [Cfrg] [saag] New draft: Hashed Password Exch… Steven Bellovin