Re: [kitten] [saag] AD sponsoring draft-hansen-scram-sha256

Dave Cridland <dave@cridland.net> Mon, 16 February 2015 11:21 UTC

In-Reply-To: <54E1D009.2050408@isode.com>
References: <54DC00D0.2050900@cs.tcd.ie> <87r3tqqj9y.fsf@latte.josefsson.org> <54E1D009.2050408@isode.com>
Date: Mon, 16 Feb 2015 11:21:33 +0000
Message-ID: <CAKHUCzyUwQgEzmoFJnq-jpZzKyapG+Q8S5=nkE_=fqY+RKNSTw@mail.gmail.com>
From: Dave Cridland <dave@cridland.net>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/1cDdIzldWOGE8KRruKq2zPWIWsI>
Cc: kitten@ietf.org, "http-auth@ietf.org" <http-auth@ietf.org>, "saag@ietf.org" <saag@ietf.org>
Subject: Re: [kitten] [saag] AD sponsoring draft-hansen-scram-sha256

On 16 Feb 2015 11:10, "Alexey Melnikov" <alexey.melnikov@isode.com> wrote:
>
> Hi Simon,
>
> On 16/02/2015 09:48, Simon Josefsson wrote:
>  [snip]
>
>> A suggested (not even mandated) pbkdf iteration count of at least 4096
>> is unchanged since RFC 5802 -- I'd really like to see that be
>> significantly higher.  Back in 2000 an iteration count of 1000 was
>> recommended as the minimum.  Surely computational power has increased
>> more than a factor of four since then.
>
> I've heard complaints from developers that 4096 with SHA-1 is too high for
> current Android phones. It would be good to get more information on
> performance before changing the number.
>

Worth asking in the XSF; there's likely to be implementation experience
from the Android client devs there.

However, clients need only do the iterations once, if the salt is stable,
at least in principle.

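The thread above turns on two points: the cost of the PBKDF2 iteration count in SCRAM's Hi() (RFC 5802), and the observation that a client only needs to pay that cost once per (salt, iteration count) if the server keeps those stable. The following is an added example written for this page, not code from any of the thread's participants or from an RFC. It implements Hi() and the SCRAM key derivation with Python's standard library, wraps the salted password in a small cache keyed on (hash, salt, iteration count), and times the derivation at several iteration counts so the trade-off Simon and Alexey are discussing can be measured on the hardware at hand. The class name `SaltedPasswordCache` and the function names are this example's own; the 12-byte salt is the one from RFC 5802's example exchange and the password "pencil" is a constructed test value.

```python
import base64
import hashlib
import hmac
import time

# Hi(str, salt, i) from RFC 5802 is PBKDF2 with HMAC-<hash> as the PRF and
# dkLen equal to the hash output length; hashlib.pbkdf2_hmac is exactly that.
def hi(password: bytes, salt: bytes, iterations: int, hash_name: str = "sha1") -> bytes:
    return hashlib.pbkdf2_hmac(hash_name, password, salt, iterations)

# SCRAM derives ClientKey, StoredKey and ServerKey from SaltedPassword. Only
# SaltedPassword depends on the expensive Hi(); the rest is a few HMACs.
def scram_keys(salted_password: bytes, hash_name: str = "sha1") -> dict:
    client_key = hmac.new(salted_password, b"Client Key", hash_name).digest()
    stored_key = hashlib.new(hash_name, client_key).digest()
    server_key = hmac.new(salted_password, b"Server Key", hash_name).digest()
    return {"ClientKey": client_key, "StoredKey": stored_key, "ServerKey": server_key}

class SaltedPasswordCache:
    """Example-only cache (not an RFC construct). A client that keeps
    SaltedPassword keyed on (hash, salt, iteration count) pays the PBKDF2
    cost once as long as the server does not rotate the salt or count.
    Note the cache holds password-equivalent material: protect it as you
    would the password itself."""

    def __init__(self) -> None:
        self._entries: dict = {}
        self.misses = 0

    def salted_password(self, password: bytes, salt: bytes, iterations: int,
                        hash_name: str = "sha1") -> bytes:
        key = (hash_name, salt, iterations)
        if key not in self._entries:
            self.misses += 1  # only a miss triggers the full Hi() computation
            self._entries[key] = hi(password, salt, iterations, hash_name)
        return self._entries[key]

def time_hi(password: bytes, salt: bytes, iterations: int, hash_name: str = "sha1") -> float:
    """Wall-clock seconds for one Hi() evaluation on this machine."""
    start = time.perf_counter()
    hi(password, salt, iterations, hash_name)
    return time.perf_counter() - start

# Salt from the RFC 5802 example exchange; the password is a constructed value.
RFC5802_SALT = base64.b64decode("QSXCR+Q6sek8bf92")
EXAMPLE_PASSWORD = b"pencil"

if __name__ == "__main__":
    for hash_name in ("sha1", "sha256"):
        for count in (1000, 4096, 16384, 65536):
            secs = time_hi(EXAMPLE_PASSWORD, RFC5802_SALT, count, hash_name)
            print(f"{hash_name:7s} i={count:6d}  {secs * 1000:8.2f} ms")
    cache = SaltedPasswordCache()
    for _ in range(3):  # three logins against a server with a stable salt
        sp = cache.salted_password(EXAMPLE_PASSWORD, RFC5802_SALT, 4096)
    print("Hi() computed", cache.misses, "time(s) for 3 logins; StoredKey =",
          scram_keys(sp)["StoredKey"].hex())
```

Run it on a representative device to get numbers rather than guesses: the SHA-1 versus SHA-256 rows show what a hash change costs at a fixed count, and the cache counter shows that with a stable salt the per-login cost after the first authentication is a handful of HMACs, not the PBKDF2 loop.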