IETF Logo Mail Archive

Re: [kitten] I-D: Best practices for password hashing and storage

Sam Whited <sam@samwhited.com> Wed, 06 May 2020 17:35 UTC

Return-Path: <sam@samwhited.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52D723A08F6 for <kitten@ietfa.amsl.com>; Wed, 6 May 2020 10:35:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=samwhited.com header.b=z7tpsQD6; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=hnP/CnRw
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d9zYgL0BdSU3 for <kitten@ietfa.amsl.com>; Wed, 6 May 2020 10:35:16 -0700 (PDT)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F9DD3A08EC for <kitten@ietf.org>; Wed, 6 May 2020 10:35:16 -0700 (PDT)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id C31C75C0113; Wed, 6 May 2020 13:35:14 -0400 (EDT)
Received: from imap34 ([10.202.2.84]) by compute7.internal (MEProxy); Wed, 06 May 2020 13:35:14 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samwhited.com; h=mime-version:message-id:in-reply-to:references:date:from:to :cc:subject:content-type:content-transfer-encoding; s=fm2; bh=b5 dfGVnEIOjoSVVbgYT1byrAQGeU8ZKLxmHTjfk+gaI=; b=z7tpsQD6iCg0by1h9/ t7qq8FhfqFhvq1Bgh4RFwFK39jgr9yZYHvhJRWXHIqHNY/13DbkNNmphqdBBYaZR vk3ffxPxXF1EHeVN+GBb8kFyAOxdiNKBYmtIvrOuNXS+COE1/LwlpGuh1f7L5/zk HHBavdk4EzhVBxUyH9ZZ6tSs2j5LT9ZrPbXx8VjI3rR+UBZ7NAtKHBBtMouENlUt EbmAxaADz7TWtZngNUnMyfYLdQXWfPOrxOzoXUwtCmIKhQEvlv3bIMsPr1VxDvEu O8F3Kfa6w7I9gewf8SDOomAQWbA/nXcaMjhRSk5LhUF7fptgMkegUU7FosoqiZqG 8ulw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=b5dfGVnEIOjoSVVbgYT1byrAQGeU8ZKLxmHTjfk+g aI=; b=hnP/CnRwHpR/TvgeUvlk8DALlQqD4OyLKIb/bJuyFkI7FNiVBYm9Z/xLc OvBB56TC9LUrC5dnz1d7HQbCRPnPLzVQPlCy7NtIF3cbSU52paEJLWg92OsrTWLd n/MMnDW6uTkTBMKB3ZL33eR+2ZwdFaCz905S8egFdfPq04CyiuPjSnXBNupqzhQJ ZZTlVdeeYcQzT0D8duFs8Q0/5gn7iiZkbJp+AeIUaMXmbABTcRSVZJSpdkTYZnsj x5ldwTWlfwckKTYn8asoqOKrBSNcH29S49lokP882IHVeV5/nr/sYEzNVSIkWWhu sRPB1DMb2UNniMKmPv7fYfhulFqSQ==
X-ME-Sender: <xms:UvWyXmamqRuYeIIEK0NlQUPPx5KmmxcmADq8cRVWPgI4GySgvXJSpg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduhedrjeekgdduudduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvffutgfgsehtqhertderreejnecuhfhrohhmpedfufgr mhcuhghhihhtvggufdcuoehsrghmsehsrghmfihhihhtvggurdgtohhmqeenucggtffrrg htthgvrhhnpedvffeuvdduhfefvdeiheeukeffhfekjeevgffggedtlefhhffhieevkedu vefhjeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpe hsrghmsehsrghmfihhihhtvggurdgtohhm
X-ME-Proxy: <xmx:UvWyXtpy6K2Xzv8HyTwkep35IjlN2Zc9r7X2o-MgLANfhKq4qo8JyQ> <xmx:UvWyXr-vy5Fvuj7f5Y4W1CWzTuuL8So-X5R4fQVzGjYKNuP3q1FfGg> <xmx:UvWyXs93ssjqTLCxn7xrC-zawmrIfgpihsn-SMUW0ZmT5h-8flhuUg> <xmx:UvWyXsd0MkP9MetfiP_KdglHH-CXH_225iZ57RIfLRj2njqSVUPZ0g>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 2ABB41460061; Wed, 6 May 2020 13:35:13 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.3.0-dev0-351-g9981f4f-fmstable-20200421v1
Mime-Version: 1.0
Message-Id: <69821732-1e68-4b76-9c88-847fa069e1db@www.fastmail.com>
In-Reply-To: <20200430031415.GJ27494@kduck.mit.edu>
References: <feda3e13-dc28-4f8e-8360-90853f649add@www.fastmail.com> <jlg7dxy2rpx.fsf@redhat.com> <23661358-b62e-40ed-b209-0551edf4ac8f@www.fastmail.com> <20200430031415.GJ27494@kduck.mit.edu>
Date: Wed, 06 May 2020 13:34:53 -0400
From: Sam Whited <sam@samwhited.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: Robbie Harwood <rharwood@redhat.com>, KITTEN Working Group <kitten@ietf.org>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/H6Lom1mPaGcSORhrgROtzhcMj10>
Subject: Re: [kitten] I-D: Best practices for password hashing and storage
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 May 2020 17:35:18 -0000

In the interest of keeping this moving, it's been a little over a week
and I've had a bit of review and Dave of course mentioned the initial
reason he suggested this document be brought here. If anyone else has
feedback or opinions on whether this should or should not be taken on by
the WG, I'd love to hear your thoughts.

Otherwise, what are the next steps?

Thanks as always for your help guiding me through this process. I really
appreciate it.

—Sam

On Wed, Apr 29, 2020, at 23:14, Benjamin Kaduk wrote:
> I would probably give the original mail a week or so bake time and
> see what response it elicits before going out of your way to get
> further review.

-- 
Sam Whited

v2.23.0 | Report a Bug | By Email