Re: IETF LC Gen-ART review of draft-harkins-salted-eap-pwd-06 (Dale R. Worley) Fri, 09 September 2016 19:38 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A669B12B337 for <>; Fri, 9 Sep 2016 12:38:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.934
X-Spam-Status: No, score=-1.934 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id OW-j_AzGy0Lq for <>; Fri, 9 Sep 2016 12:38:20 -0700 (PDT)
Received: from ( [IPv6:2001:558:fe21:29:69:252:207:33]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D7F1812B203 for <>; Fri, 9 Sep 2016 12:38:19 -0700 (PDT)
Received: from ([]) by with SMTP id iRX6bq6wjTaLwiRcxbocJM; Fri, 09 Sep 2016 19:38:19 +0000
Received: from ([]) by with SMTP id iRcvbafN4DFgBiRcwbyog1; Fri, 09 Sep 2016 19:38:19 +0000
Received: from ( []) by (8.14.7/8.14.7) with ESMTP id u89JcHaD020822; Fri, 9 Sep 2016 15:38:17 -0400
Received: (from worley@localhost) by (8.14.7/8.14.7/Submit) id u89JcHEl020819; Fri, 9 Sep 2016 15:38:17 -0400
X-Authentication-Warning: worley set sender to using -f
From: (Dale R. Worley)
To: Daniel Harkins <>
Subject: Re: IETF LC Gen-ART review of draft-harkins-salted-eap-pwd-06
In-Reply-To: <> (
Sender: (Dale R. Worley)
Date: Fri, 09 Sep 2016 15:38:16 -0400
Message-ID: <>
X-CMAE-Envelope: MS4wfOrG9FqW+CTkVwutcvofJ3Yvr5a0UlWVAw3sLcqzkhrkzJWM+xuOY0fuxDllEfEjIx7Iemp7rRrxJzUbSqKFRgzef+0ydcldQojsuDmLmYfYs0XQtMm/ 5tyPtvFWIE4L7lBcM9t2P8Zp8n54AzOA00NNqCq5cdySn9UyZsoQYjnE8bEgqDa0oFgS8ZWx+CiVGEZrsUvA5+btEHCE792MXqwt5l/KWFw0PKmJwtNUBYy6 /0fIYE+T1xu0DkYNbAK688wCKKVdZm2VGOfH+vYRsIwXXZPUgUmgFsGnXvtb8o/F
Archived-At: <>
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 09 Sep 2016 19:38:21 -0000

Daniel Harkins <> writes:
>>It might be worth noting that any salted password remote authorization
>>protocol has the same limitation as this draft's method, viz., that
>>disclosure of the hash of the salted password allows an attacker to
>>impersonate a client.  That is, that this method is not somehow
>>deficient because it also has that property.
>   I don't think that is true. The client needs to know the password,
> not the salted
> hash.

Maybe I'm misunderstanding you, but I think you're incorrect.  Indeed,
your draft says 

   the salted password from a compromised database can be used directly
   to impersonate the EAP-pwd client

The reason that this impersonation can be done is that this is a
*remote* authorization protocol, and there is no way for the server to
compel the attacker to hash what the attacker knows with the salt and
then transmit the result.  Whereas in a *local* authorization protocol,
the server compels the user to present the supposed password, and then
the server hashes it with the salt.