Re: [kitten] PA-ENC-TIMESTAMP is worse than we thought; fix in aes-cts-hmac-sha2?

Nico Williams <nico@cryptonector.com> Wed, 13 April 2016 05:38 UTC

Date: Wed, 13 Apr 2016 00:38:04 -0500
From: Nico Williams <nico@cryptonector.com>
To: "Paul Miller (NT)" <paumil@microsoft.com>
Message-ID: <20160413053802.GC22194@localhost>
References: <20160412214556.GE19617@localhost> <BLUPR0301MB1953D569A4D0077ECE4556BFCD950@BLUPR0301MB1953.namprd03.prod.outlook.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/ToR6Yf1jgdN8ihnwJIo0UZvW56c>
Cc: "kitten@ietf.org" <kitten@ietf.org>, "Michael J. Jenkins" <mjjenki@tycho.ncsc.mil>, "Kelley W. Burgin" <kelley.burgin@gmail.com>
Subject: Re: [kitten] PA-ENC-TIMESTAMP is worse than we thought; fix in aes-cts-hmac-sha2?

On Tue, Apr 12, 2016 at 11:13:55PM +0000, Paul Miller (NT) wrote:
> >>>  Mallory:    <start off-line rainbow table attack on C's PA-ENC-TIMESTAMP>

Er, right, so this isn't a rainbow table.  It allows the attacker to
avoid having to compute s2k for each {password, salt}, but the attacker
still has to try every one (well, many) of those pre-computed keys to
decrypt the PA-ENC-TIMESTAMP ciphertext.  So it's an optimization on the
off-line dictionary attack, but the attack is still O(N), so not a huge
win.

I guess it's Emily Litella time for me then!

Nico
--