[kitten] SCRAM-SHA512 and SCRAM-SHA3
Simon Josefsson <simon@josefsson.org> Thu, 02 May 2024 08:19 UTC
From: Simon Josefsson <simon@josefsson.org>
To: kitten@ietf.org
OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=https://josefsson.org/key-20190320.txt
Date: Thu, 02 May 2024 10:19:31 +0200
Message-ID: <87jzkcvd64.fsf@kaka.sjd.se>
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/8glwn28Mm72UhQlOFSy1grYfWJo>

Hi,

I'm seeing push on implementers to add support for these variants, and I noticed new drafts were published recently. I want to repeat some earlier concerns.

I believe the cost of having these two mechanisms as standard mechanisms in the ecosystem costs more than any advantages we would get out of them.

There is still no cryptographic attack on HMAC-MD5, let alone the HMAC-SHA1 or HMAC-SHA256 that are used in SCRAM-SHA1 and SCRAM-SHA256 that we are still seeing deployment of.

Adding SCRAM-SHA512/SHA3 variants creates additional requirements on hashed password database formats and APIs, since they are not compatible with SCRAM-SHA1 and SCRAM-SHA256.

Parametrization of security protocols and algorithms is generally a bad idea as it adds complexity, which reduces security.

There is the negotiation interop problem if a server has one credential but not the other for a subset of users.

If some people are using these variants, I would agree that having them documented is useful. Then I believe the category should be Informational rather than standards track, and warnings about the problems should be added.

/Simon
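
Added illustration, not part of the message above: a Python sketch of the server-side SCRAM record defined in RFC 5802 (SaltedPassword, StoredKey, ServerKey), showing why a record derived for one hash cannot serve another mechanism and why the set of usable mechanisms becomes a per-user property. The mechanism name SCRAM-SHA-512, the user names, passwords, salt and the dictionary layout are assumptions constructed for the example.

```python
import hashlib
import hmac

# Hash behind each mechanism; "SCRAM-SHA-512" is the assumed name of the proposed variant.
MECH_HASH = {"SCRAM-SHA-1": "sha1", "SCRAM-SHA-256": "sha256", "SCRAM-SHA-512": "sha512"}


def stored_credential(mech, password, salt, iterations):
    """Derive the server-side record (RFC 5802, section 3) for one mechanism."""
    h = MECH_HASH[mech]
    # SaltedPassword := Hi(password, salt, i), i.e. PBKDF2 with HMAC-H
    salted = hashlib.pbkdf2_hmac(h, password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", h).digest()
    return {
        "salt": salt,
        "iterations": iterations,
        "stored_key": hashlib.new(h, client_key).digest(),  # H(ClientKey)
        "server_key": hmac.new(salted, b"Server Key", h).digest(),
    }


def usable_mechanisms(records):
    """Mechanisms the server can complete for a user: only those with a record.

    The records are one-way, so a missing one can only be created while the
    cleartext password is available (enrolment or password change).
    """
    return sorted(m for m in MECH_HASH if m in records)


def build_demo_db():
    """Constructed sample database: alice enrolled before SHA-512 was enabled."""
    salt, iterations = b"constructed-salt", 4096
    return {
        "alice": {m: stored_credential(m, "pw-alice", salt, iterations)
                  for m in ("SCRAM-SHA-1", "SCRAM-SHA-256")},
        "bob": {m: stored_credential(m, "pw-bob", salt, iterations)
                for m in MECH_HASH},
    }


if __name__ == "__main__":
    for user, records in build_demo_db().items():
        sizes = {m: len(r["stored_key"]) for m, r in records.items()}
        print(user, usable_mechanisms(records), sizes)
```

A server that advertises all three mechanisms before it knows the user name will offer SCRAM-SHA-512 to alice and then be unable to verify her proof, which is the interop case the message describes.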