Re: [Emu] salted EAP-pwd

"Dan Harkins" <dharkins@lounge.org> Tue, 30 September 2014 23:24 UTC

Message-ID: <dc89a9b829a387162e216e7170678a35.squirrel@www.trepanning.net>
In-Reply-To: <0e3a01cfdcf3$cdca13d0$695e3b70$@augustcellars.com>
References: <e000123dbf6d5c42568d26464ed55a08.squirrel@www.trepanning.net> <0e3a01cfdcf3$cdca13d0$695e3b70$@augustcellars.com>
Date: Tue, 30 Sep 2014 16:24:44 -0700
From: Dan Harkins <dharkins@lounge.org>
To: Jim Schaad <ietf@augustcellars.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/emu/GFRJ_NoMjM3nA0Y3eNzkgN99Rpc
Cc: emu@ietf.org
Subject: Re: [Emu] salted EAP-pwd

  Hi Jim,

On Tue, September 30, 2014 2:16 pm, Jim Schaad wrote:
> I can see two problems right off the bat.
>
> 1.  It does not allow me to use a different salted method for different
> people so I can upgrade by salt function piecemeal.

  Sure it does. The EAP-Identity/Response from the client will indicate
the identity, the server looks up that identity in the password database,
sees how it's salted and responds appropriately. One entry in the database
could be SHA-1 and another could be SHA-256.

> 2.  It does not allow me to do both SASLprep and salting on the same
> password.

  Yes, I see that might be needed if SASLprep was done on the password
before it was salted and stored. Given that SASLprep is already a password
pre-processing technique (and it is the value 0x02 while "none" is 0x00,
preventing the distinction from being a low-order bit), I see no choice but to
double all the proposed salting indicators: one for SASLprep before the
hashing and one for doing nothing to the password before hashing.

  Would that be satisfactory to you?

  regards,

  Dan.

> Jim
>
>
> -----Original Message-----
> From: Emu [mailto:emu-bounces@ietf.org] On Behalf Of Dan Harkins
> Sent: Tuesday, September 30, 2014 12:02 PM
> To: emu@ietf.org
> Subject: [Emu] salted EAP-pwd
>
>
>   Hello EMU,
>
>   I've had requests to add support for salted password databases to
> EAP-pwd.
> A newly posted draft does just that:
>
>    http://tools.ietf.org/html/draft-harkins-salted-eap-pwd-00
>
>   Please take a look and comment.
>
>   regards,
>
>   Dan.
>
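An added Python model of the two points discussed above (per-identity choice of salt method, and doubled indicators for "SASLprep first" versus "no pre-processing"); it is not code from the thread or from the draft. Only 0x00 and 0x02 are real EAP-pwd values; the salted indicator code points, the H(salt || password) stored form and the NFKC stand-in for SASLprep are assumptions for illustration.

```python
import hashlib
import hmac
import os
import unicodedata
# 0x00 (none) and 0x02 (SASLprep) are the existing EAP-pwd pre-processing values
# named in the thread. The salted variants are constructed placeholders laid out
# as the reply suggests: one code point per salt hash with and without SASLprep.
PREP_NONE = 0x00
PREP_SASLPREP = 0x02
SALTED_INDICATOR = {                 # (pre-processing, salt hash) -> indicator
    (PREP_NONE, "sha1"): 0x10,       # placeholder values, not from the draft
    (PREP_SASLPREP, "sha1"): 0x11,
    (PREP_NONE, "sha256"): 0x12,
    (PREP_SASLPREP, "sha256"): 0x13,
}
INDICATOR_TO_METHOD = {v: k for k, v in SALTED_INDICATOR.items()}

def prepare(password: str, prep: int) -> bytes:
    # NFKC normalisation stands in for a real SASLprep implementation here.
    if prep == PREP_SASLPREP:
        password = unicodedata.normalize("NFKC", password)
    return password.encode("utf-8")

def salted_hash(password: str, prep: int, hash_name: str, salt: bytes) -> bytes:
    # Assumed stored form: H(salt || prepared password).
    return hashlib.new(hash_name, salt + prepare(password, prep)).digest()

def enroll(db: dict, identity: str, password: str, prep: int, hash_name: str) -> None:
    # Server side: each entry carries its own indicator and salt, so the database
    # can be migrated one identity at a time (SHA-1 today, SHA-256 later).
    salt = os.urandom(16)
    db[identity] = (SALTED_INDICATOR[(prep, hash_name)], salt, salted_hash(password, prep, hash_name, salt))

def server_id_response(db: dict, identity: str):
    # After the EAP-Identity/Response: return the (indicator, salt) to send the peer.
    if identity not in db:
        return None
    indicator, salt, _ = db[identity]
    return indicator, salt

def peer_derive(password: str, indicator: int, salt: bytes) -> bytes:
    # Peer side: rebuild the same salted value from indicator and salt alone.
    prep, hash_name = INDICATOR_TO_METHOD[indicator]
    return salted_hash(password, prep, hash_name, salt)

def matches(db: dict, identity: str, password: str) -> bool:
    # Both sides must arrive at the same value; compare digests in constant time.
    resp = server_id_response(db, identity)
    if resp is None:
        return False
    indicator, salt = resp
    return hmac.compare_digest(peer_derive(password, indicator, salt), db[identity][2])
```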