Re: [Cfrg] I-D Action: draft-irtf-cfrg-spake2-03.txt
Alex Elsayed <eternaleye@gmail.com> Fri, 19 February 2016 23:27 UTC
To: cfrg@irtf.org
From: Alex Elsayed <eternaleye@gmail.com>
Date: Fri, 19 Feb 2016 23:26:50 +0000
Message-ID: <na88bq$psp$1@ger.gmane.org>
References: <20160215145643.14144.52226.idtracker@ietfa.amsl.com> <56C1FB64.1080309@mit.edu> <na713j$kqr$1@ger.gmane.org> <CACsn0cmyGA_QLWx+xYn3VGibdmqD+r+XFg6HVV4yGL4FvgODWg@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/z-pA-hjniOEOtJ7o7BPYE51fLNs>
Sent a first-cut PR for the code (is Brian Warner's repository the correct one? I saw it linked from your github) that would benefit from some review; where's the text of the draft so I can do up a patch for that? I didn't see it on your github or Brian Warner's.

On Fri, 19 Feb 2016 10:24:41 -0800, Watson Ladd wrote:

> Write the code and the text, and if I can run it, it goes in.
>
> On Fri, Feb 19, 2016 at 4:16 AM, Alex Elsayed <eternaleye@gmail.com> wrote:
>> On Mon, 15 Feb 2016 11:23:00 -0500, Greg Hudson wrote:
>>
>>> On 02/15/2016 09:56 AM, internet-drafts@ietf.org wrote:
>>>> Filename : draft-irtf-cfrg-spake2-03.txt
>>>
>>> I am pleased to see progress on this draft.
>>>
>>> The formatting of the new formula for K' in section 2.2 is a little off in its use of whitespace.
>>>
>>> SPAKE2+ doesn't use w0 or w1 in the derivation of K'. Obviously it can't use w1 as B doesn't have it, but can we call this an augmented version of SPAKE2 if it more closely resembles SPAKE1? Should it use w0?
>>>
>>> The description of SPAKE2+ still refers to "Bob" in one place.
>>>
>>> In section 3, the formatting of the Python code is mangled. Calls to ec.canon_pointstr() should be changed to canon_pointstr() since you've defined that as a function.
>>>
>>> In section 3, the description of the algorithm still doesn't match the actual algorithm used, although it's closer in some details. The first mismatch comes from these two passages:
>>>
>>>     This string is turned into an infinite sequence of bytes by hashing with SHA256, and hashing that output again to generate the next 32 bytes, and so on.
>>>
>>>     If this is impossible, then the next non-overlapping segment of sufficient length is taken.
>>>
>>> The actual algorithm doesn't use non-overlapping segments of an infinite sequence of bytes; instead it uses overlapping concatenations of hash blocks for successive trials. For P-521, the first trial uses H1|H2|H3 (where H1 is hash of the string, H2 is the hash of H1, etc.) truncated to 65 bytes; the second trial uses H2|H3|H4 truncated, etc.
>>
>> OOI, why not use HKDF, with the string as the IKM? Personally, I'd much prefer that to inventing Yet Another Ad-Hoc Way To Extract Arbitrary-Length Randomness.
>>
>>> The second mismatch comes from this passage:
>>>
>>>     We multiply that point by the cofactor h, and if that is not the identity, output it.
>>>
>>> The Python code multiplies the point by the generator order (p), and if that *is* the identity, outputs the point. The difference is that the Python code discards points of order 2p, 4p, ..., hp. This difference is irrelevant for P-256 and P-521 which have cofactor 1.
>>
>> _______________________________________________
>> Cfrg mailing list
>> Cfrg@irtf.org
>> https://www.irtf.org/mailman/listinfo/cfrg
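The two section 3 mismatches Greg Hudson describes, and the HKDF alternative raised in the quoted reply, are easier to compare side by side in runnable form. The block below is an added example written for this archive page; it is not the draft's Python, not the PR mentioned above, and not anything from the SPAKE2 repositories. It reproduces only the byte-string derivation step (three ways: the prose's non-overlapping segments, the overlapping H1|H2|H3, H2|H3|H4, ... trials Greg observed, and HKDF with the seed string as IKM), with a pluggable "is this a valid point" predicate standing in for the curve decoding, since the curve arithmetic itself is not on the page. The cofactor check is shown on a constructed toy group (the integers mod n = h*p under addition) so the difference between "multiply by p and require the identity" and "multiply by h and require non-identity" is visible without a curve with cofactor greater than 1. The HKDF label, the seed string and the toy parameters are all constructed for the example.

```python
"""Added example (not the draft's or the project's code): the candidate
byte-string derivations discussed in the thread, plus the cofactor check
on a toy group.  SHA-256 throughout, as in the draft's section 3."""
import hashlib
import hmac

HASH_LEN = 32  # SHA-256 output length in bytes


def hash_chain(seed: bytes, count: int) -> list:
    """[H1, H2, ..., Hcount] with H1 = SHA256(seed) and H(i+1) = SHA256(Hi)."""
    blocks, h = [], hashlib.sha256(seed).digest()
    for _ in range(count):
        blocks.append(h)
        h = hashlib.sha256(h).digest()
    return blocks


def overlapping_candidates(seed: bytes, length: int, trials: int) -> list:
    """What Greg Hudson reports the draft's Python actually does: trial i is
    H(i+1)|H(i+2)|... truncated to `length` bytes, so consecutive trials
    share all but one hash block (for 65 bytes: H1|H2|H3, then H2|H3|H4)."""
    per_trial = -(-length // HASH_LEN)  # ceil(length / 32) blocks per trial
    chain = hash_chain(seed, trials + per_trial - 1)
    return [b"".join(chain[i:i + per_trial])[:length] for i in range(trials)]


def nonoverlapping_candidates(seed: bytes, length: int, trials: int) -> list:
    """What the draft's prose describes: consecutive non-overlapping
    `length`-byte segments of the infinite stream H1|H2|H3|..."""
    stream = b"".join(hash_chain(seed, -(-(trials * length) // HASH_LEN)))
    return [stream[i * length:(i + 1) * length] for i in range(trials)]


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with SHA-256; an empty salt means HashLen zero bytes."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with SHA-256: T(i) = HMAC(PRK, T(i-1) | info | i)."""
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hashlib.sha256).digest()
        okm += t
        counter += 1
    return okm[:length]


def hkdf_candidates(seed: bytes, length: int, trials: int,
                    info: bytes = b"constructed example label") -> list:
    """The alternative raised in the thread: seed string as IKM, HKDF produces
    the whole arbitrary-length stream, candidates are non-overlapping cuts.
    The label is a constructed placeholder, not one the draft defines."""
    okm = hkdf_expand(hkdf_extract(b"", seed), info, trials * length)
    return [okm[i * length:(i + 1) * length] for i in range(trials)]


def first_accepted(candidates: list, accept) -> tuple:
    """The trial loop: (index, bytes) of the first candidate `accept` passes,
    or (-1, None).  `accept` stands in for 'decodes to a valid curve point'."""
    for i, cand in enumerate(candidates):
        if accept(cand):
            return i, cand
    return -1, None


# --- cofactor check on a constructed toy group: Z_n under addition, n = h*p ---

def draft_cofactor_filter(x: int, h: int, p: int):
    """As Greg describes the draft's Python: multiply by the order p and keep
    the ORIGINAL element only if the result is the identity (order divides p)."""
    return x if (p * x) % (h * p) == 0 else None


def prose_cofactor_filter(x: int, h: int, p: int):
    """As the draft's prose reads: multiply by the cofactor h and output THAT
    element if it is not the identity."""
    y = (h * x) % (h * p)
    return y if y != 0 else None


def additive_order(x: int, n: int) -> int:
    """Order of x in Z_n: the smallest k > 0 with k*x = 0 mod n."""
    k = 1
    while (k * x) % n != 0:
        k += 1
    return k
```

With h = 2 and p = 5 the element 1 has order 10 = 2p: `draft_cofactor_filter(1, 2, 5)` rejects it, while `prose_cofactor_filter(1, 2, 5)` outputs 2, which is exactly the class of points Greg notes the Python discards. With cofactor 1 both filters agree on every element, matching his remark that the difference is irrelevant for P-256 and P-521. The `hkdf_*` functions are a plain RFC 5869 implementation, so the standard test vectors can be used to check them.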