IETF Logo Mail Archive

Re: [Emu] [saag] Feedback on Salted EAP draft

Joseph Salowey <joe@salowey.net> Mon, 17 August 2015 04:33 UTC

Return-Path: <joe@salowey.net>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C42C61A039A for <emu@ietfa.amsl.com>; Sun, 16 Aug 2015 21:33:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nHeP83VW9wW9 for <emu@ietfa.amsl.com>; Sun, 16 Aug 2015 21:33:18 -0700 (PDT)
Received: from mail-lb0-f181.google.com (mail-lb0-f181.google.com [209.85.217.181]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C78311A0390 for <emu@ietf.org>; Sun, 16 Aug 2015 21:33:17 -0700 (PDT)
Received: by lbbsx3 with SMTP id sx3so74472825lbb.0 for <emu@ietf.org>; Sun, 16 Aug 2015 21:33:16 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=WdOi5+tEa6h/Je+EHrTpwErIniwYnhMBMR2mVfMD300=; b=Dv1vqkreF5ZXhc+ztC2btolx3H++ejgawyu8c89je5PRleV0zCCK1wTYRfSRxR4yWU AOnypOk3Gq3sR4GITfaQEhpBrruO/FRv2JP889mWCu1u+AOGtGhNyNvcVn+N3u1RHeSm DoYbG5r22VhcW9YMW1Q8FeYHclKX0rJp1IHW+mMp2ka9wWGWpx/rOvVtpo1NRVsdj0uu jkGuyc1faylfpNGi0YKz5RsXmdq55NBiBIANcvHpQwxZDjXVry4hVjEFPNLjCSCt5lO1 m+7gjKkz6pk+Rk+dDqZAp8uBEiqFnXbGV7gpqoyhG/FyZFd8KbG/R1D/BU+dsVSJFK2X kP4A==
X-Gm-Message-State: ALoCoQldEK4iYixVJE90LSIUe5DTZG1kDuD/EQT5H2bUKhBCxwhHRr2HVjupq19wISaTOUrCW6py
MIME-Version: 1.0
X-Received: by 10.112.142.196 with SMTP id ry4mr54085692lbb.68.1439785996265; Sun, 16 Aug 2015 21:33:16 -0700 (PDT)
Received: by 10.112.122.17 with HTTP; Sun, 16 Aug 2015 21:33:16 -0700 (PDT)
In-Reply-To: <449964e467e0347db185eb787db71efd.squirrel@www.trepanning.net>
References: <CAHbuEH5u=Q_h4L4yNdrpPw1J3fAsr1MfEMBV84TgdnHVWcxX0w@mail.gmail.com> <CAHbuEH4--TP0duM-8GSaR4RaUG5DoL=QtnCFE3shHbaUNPvwVg@mail.gmail.com> <tsloane9wff.fsf@mit.edu> <CAHbuEH5cGW3pknnwseEnp=mqzrMLPFBh-bN4pd2wKKDgpS08wQ@mail.gmail.com> <DM2PR0301MB06558BFBD0251595A3B4B0B9A89B0@DM2PR0301MB0655.namprd03.prod.outlook.com> <449964e467e0347db185eb787db71efd.squirrel@www.trepanning.net>
Date: Sun, 16 Aug 2015 21:33:16 -0700
Message-ID: <CAOgPGoB_EEZEi0_SsFyq2jWkWvb7TM9tSN40UO52DGjH42YkLw@mail.gmail.com>
From: Joseph Salowey <joe@salowey.net>
To: Dan Harkins <dharkins@lounge.org>
Content-Type: multipart/alternative; boundary="089e0112bf7edc4370051d7a4ce2"
Archived-At: <http://mailarchive.ietf.org/arch/msg/emu/wUYlraCNkPxJ1KET2ptIq0AYJ_M>
Cc: Christian Huitema <huitema@microsoft.com>, Sam Hartman <hartmans-ietf@mit.edu>, "saag@ietf.org" <saag@ietf.org>, "emu@ietf.org" <emu@ietf.org>
Subject: Re: [Emu] [saag] Feedback on Salted EAP draft
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emu/>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Aug 2015 04:33:19 -0000

Hi Dan,

I read the latest version of the draft (-02) and it looks mostly good to
me.   some comments:

I think you want to change the RFC references in the abstract from RFC 2751
to RFC 2759.

One question I have is there any reason why you specify the input of the
hash function as password | salt instead of the other way around?  Is this
the way it is done in practice?

Thanks,

Joe

On Thu, Aug 13, 2015 at 2:35 PM, Dan Harkins <dharkins@lounge.org> wrote:

>
>   Hi Christian,
>
> On Tue, July 14, 2015 10:50 am, Christian Huitema wrote:
> [snip]
> > The draft is short and clear enough, but it acknowledges a pretty big
> > security issue: "the salted
> > password from a compromised database can be used directly to impersonate
> > the client-- there
> > is no dictionary attack needed to recover the plaintext password."
> >
> > That's a pretty big caveat, but there are still some advantages over
> > operating with unsalted passwords. The draft aligns server side password
> > management for EAP-pwd  with standard industry practices, which is good.
> > In case of server compromise, the immediate effect of the compromise is
> an
> > attack on the already compromised server, and the per-user salt make
> > password discovery harder. The security section should be expanded to
> > explain this tradeoff.
>
>   Yes, it's a big caveat and, as I mentioned, I'm trying to
> be as blunt as possible about it. I have updated the Security
> Considerations to include the point you are making about server
> compromise and the per-user salt still making password recovery
> harder.
>
> > Nits:
> >
> > - in the abstract, missing "not" in " but did (not?) include support for
> > salted passwords."
>
>   Nice catch.
>
>   An -02 version has been posted. Would you please take a look
> and let me know whether it satisfactorily addresses your comments?
>
>   regards,
>
>   Dan.
>
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag
>

v2.23.0 | Report a Bug | By Email