Re: [kitten] [saag] AD sponsoring draft-hansen-scram-sha256

Sam Whited <sam@samwhited.com> Wed, 18 February 2015 12:58 UTC

On Mon, Feb 16, 2015 at 6:21 AM, Dave Cridland <dave@cridland.net> wrote:
> Worth asking in the XSF, there's likely to be implementation experience from
> the Android client devs there.

I wrote the SCRAM-SHA-1 implementation in Conversations. While I don't
remember actual numbers off the top of my head, I can definitely tell
you that there is a noticeable delay with a 4096 iteration count
(probably a little over half a second) on my HTC m7 (which is fairly
beefy as far as phones go). HOWEVER—

> However, clients need only do the iterations once, if the salt is stable, at
> least in principle.

—since we then store the session information in an LRU Cache in
memory, it's only slow when you first log in. I've thought about moving
the session info to the database as well to make it even more
persistent, but decided it wasn't enough of a problem to bother
polluting the database.

Best,
Sam


-- 
Sam Whited
pub 4096R/54083AE104EA7AD3
https://blog.samwhited.com
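
Added example, not part of the original message and not code from Conversations: a minimal Python sketch of the approach discussed above, where the slow SCRAM-SHA-1 key derivation (PBKDF2-HMAC-SHA-1 at the server's iteration count) runs once and the result is kept in an in-memory LRU cache keyed on the salt and iteration count. The class and function names, the capacity, and the sample values are assumptions, and SASLprep normalization is skipped by assuming an ASCII password.

```python
import hashlib
import hmac
from collections import OrderedDict


def derive_scram_keys(password, salt, iterations):
    """Slow step: SaltedPassword = Hi(password, salt, i), i.e. PBKDF2-HMAC-SHA-1."""
    # Assumption: ASCII password, so the SASLprep normalization step is skipped.
    salted = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha1).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha1).digest()
    return client_key, server_key


class ScramKeyCache:
    """In-memory LRU cache of derived keys (hypothetical class for illustration)."""

    def __init__(self, capacity=4):
        self.capacity = capacity
        self.derivations = 0           # counts how often the slow step really ran
        self._entries = OrderedDict()  # (account, salt, iterations) -> keys

    def keys_for(self, account, password, salt, iterations):
        # Salt and iteration count are part of the lookup key: if the server
        # announces different values, the old entry can no longer match.
        lookup = (account, salt, iterations)
        if lookup in self._entries:
            self._entries.move_to_end(lookup)  # mark as most recently used
            return self._entries[lookup]
        keys = derive_scram_keys(password, salt, iterations)
        self.derivations += 1
        self._entries[lookup] = keys
        if len(self._entries) > self.capacity:
            self._entries.popitem(last=False)  # evict least recently used
        return keys

    def forget(self, account):
        """Drop an account's entries, e.g. after a password change or auth failure."""
        for lookup in [k for k in self._entries if k[0] == account]:
            del self._entries[lookup]


def demo():
    # Constructed sample values, not taken from any real account or server.
    cache = ScramKeyCache()
    salt = b"constructed-salt"
    first = cache.keys_for("user@example.org", "pencil", salt, 4096)
    again = cache.keys_for("user@example.org", "pencil", salt, 4096)  # cache hit
    return first == again, cache.derivations
```

The cached ClientKey is enough to authenticate to that server for as long as its salt and iteration count stay the same, so wherever the cache lives it needs the same protection as the password itself.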