Re: [kitten] SPAKE preauth: generation of SPAKE2 secret input

Benjamin Kaduk <kaduk@MIT.EDU> Thu, 14 May 2015 04:19 UTC

Date: Thu, 14 May 2015 00:19:40 -0400
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: Watson Ladd <watsonbladd@gmail.com>
In-Reply-To: <CACsn0cnO0To1a77x0Tp+Qk414Zv_yqnoC-wuS4vgJbQN+mV+7Q@mail.gmail.com>
Message-ID: <alpine.GSO.1.10.1505140017320.22210@multics.mit.edu>
References: <x7dk2wd6355.fsf@equal-rites.mit.edu> <20150512214740.GT7287@localhost> <1431525091.3260.26.camel@redhat.com> <CACsn0cm9AEG+oi8S+trhvyHpFFLF=-tG4Qazp5e6SgnS037K+Q@mail.gmail.com> <20150513160549.GV7287@localhost> <CACsn0cnO0To1a77x0Tp+Qk414Zv_yqnoC-wuS4vgJbQN+mV+7Q@mail.gmail.com>
User-Agent: Alpine 1.10 (GSO 962 2008-03-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/ACE2v6MNPLkjE8Y0cJcsW0LjQS0>
Cc: kitten@ietf.org
Subject: Re: [kitten] SPAKE preauth: generation of SPAKE2 secret input
Precedence: list

On Thu, 14 May 2015, Watson Ladd wrote:

> On May 13, 2015 9:05 AM, "Nico Williams" <nico@cryptonector.com> wrote:
> >
> >
> > That depends on how its salted.  For our purposes, in practice it's not.
>
> Not true: w comes from a much smaller list of values. If it was
> uniformly distributed over a wide range, we could use it as a key
> directly.

In the scheme kitten is considering, w is an existing kerberos long-term
(password-derived) key, so at least 128 bits and with no clear structure.

-Ben

[kitten] SPAKE preauth: generation of SPAKE2 secr… Greg Hudson
Re: [kitten] SPAKE preauth: generation of SPAKE2 … Nico Williams
Re: [kitten] SPAKE preauth: generation of SPAKE2 … Nathaniel McCallum
Re: [kitten] SPAKE preauth: generation of SPAKE2 … Watson Ladd
Re: [kitten] SPAKE preauth: generation of SPAKE2 … Nico Williams
Re: [kitten] SPAKE preauth: generation of SPAKE2 … Watson Ladd
Re: [kitten] SPAKE preauth: generation of SPAKE2 … Benjamin Kaduk
Re: [kitten] SPAKE preauth: generation of SPAKE2 … Benjamin Kaduk
Re: [kitten] SPAKE preauth: generation of SPAKE2 … Nico Williams
Re: [kitten] SPAKE preauth: generation of SPAKE2 … Nico Williams
Re: [kitten] SPAKE preauth: generation of SPAKE2 … Watson Ladd
Re: [kitten] SPAKE preauth: generation of SPAKE2 … Nico Williams
Re: [kitten] SPAKE preauth: generation of SPAKE2 … Nico Williams
Re: [kitten] SPAKE preauth: generation of SPAKE2 … Simo Sorce
Re: [kitten] SPAKE preauth: generation of SPAKE2 … Greg Hudson
Re: [kitten] SPAKE preauth: generation of SPAKE2 … Nico Williams
Re: [kitten] SPAKE preauth: generation of SPAKE2 … Watson Ladd
Re: [kitten] SPAKE preauth: generation of SPAKE2 … Greg Hudson