Re: [IPsec] Password-Based Auth: Two criteria comments

<Black_David@emc.com> Mon, 22 March 2010 21:22 UTC

From: <Black_David@emc.com>
To: <ynir@checkpoint.com>
Cc: ipsec@ietf.org
Date: Mon, 22 Mar 2010 17:20:04 -0400

Yoav,

> IKE already has PSK-based authentication. If my "password" is
> 9975612f178b31164bef5bb672cbeb1db6437d6459ff1d8a17f12ec73fcd5c92, then I don't need any new-fangled
> mode, because the authentication described in section 2.15 of RFC 4306 is good enough.

If that "password" was generated from a known hash of a low entropy
password with no additional entropy input (this is discussed as a
possibility in Section 2.15 of 4306), that "password" is weak, and
changing the hash to double the length of the output won't strengthen
the result.

> The new mode we're looking for is for giving a little security for people who use the password
> "yoav71", thinking that nobody would ever guess it.

And I'm suggesting that it may also be usefully applicable to
SHA-1("yoav71") with default padding.

I completely agree that "yoav71" is typical of the most important use
case.  I'm trying to point out that it may not be the only relevant use
case.

Thanks,
--David

> -----Original Message-----
> From: Yoav Nir [mailto:ynir@checkpoint.com]
> Sent: Monday, March 22, 2010 3:36 PM
> To: Black, David
> Cc: ipsec@ietf.org
> Subject: Re: [IPsec] Password-Based Auth: Two criteria comments
> 
> 
> On Mar 22, 2010, at 11:18 AM, <Black_David@emc.com> <Black_David@emc.com> wrote:
> 
> > Summarizing what I said in the meeting:
> >
> > (1) The performance criteria should include performance with large complex secrets (e.g., pre-shared
> > keys), not just the smaller passwords that people can reasonably be expected to remember.
> >
> > This is because a password-based authentication mechanism may be usefully applied to shared secret
> > authentication implementations that derive a supposedly strong secret solely from a password (see the
> > discussion of pre-shared key authentication in Section 2.15 of RFC 4306).  Password-based
> > authentication would provide some defense against this and other key generation weaknesses.  The
> > original password that was used to generate the shared secret may no longer be available, so good
> > performance on large complex secrets would enable password based authentication to use the derived
> > (supposedly strong) secret as the password.
> 
> IKE already has PSK-based authentication. If my "password" is
> 9975612f178b31164bef5bb672cbeb1db6437d6459ff1d8a17f12ec73fcd5c92, then I don't need any new-fangled
> mode, because the authentication described in section 2.15 of RFC 4306 is good enough.
> 
> The new mode we're looking for is for giving a little security for people who use the password
> "yoav71", thinking that nobody would ever guess it.
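
The point made in this thread, that a pre-shared key produced by hashing a low-entropy password stays weak however long the hash output is, shown as an added audit example that is not part of the original messages. The candidate list, the function names and the `5a` test key are constructed for illustration; only the password "yoav71" comes from the thread.

```python
import hashlib

# Constructed candidate list standing in for a password dictionary.
CANDIDATES = ["password", "letmein", "ipsec2010", "yoav71", "vpn-secret"]

# Hex digest length -> hash name, so only the plausible hash is tried.
ALGO_BY_HEXLEN = {40: "sha1", 64: "sha256", 128: "sha512"}


def derive_psk(password, algo):
    """The weak derivation: an unsalted hash of the password, hex encoded."""
    return hashlib.new(algo, password.encode("utf-8")).hexdigest()


def audit_psk(psk_hex, candidates=CANDIDATES):
    """Check whether a configured PSK is just a hash of a guessable password.

    Returns (password, algo, guesses) on a match, None otherwise.
    'guesses' is how many candidates were hashed before the match.
    """
    target = psk_hex.strip().lower()
    algo = ALGO_BY_HEXLEN.get(len(target))
    if algo is None:
        return None
    for guesses, pw in enumerate(candidates, start=1):
        if derive_psk(pw, algo) == target:
            return pw, algo, guesses
    return None


if __name__ == "__main__":
    # Same password, three output lengths: the work to recover it is identical.
    for algo in ("sha1", "sha256", "sha512"):
        psk = derive_psk("yoav71", algo)
        print(f"{algo:6} {len(psk) * 4:3d}-bit PSK -> {audit_psk(psk)}")

    # Constructed stand-in for a PSK that was not derived from a password.
    independent = "5a" * 32
    print("independent PSK ->", audit_psk(independent))
```

The number of guesses depends only on where the password sits in the candidate list, not on the digest length, which is why the derived secret still benefits from a password-based method.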