[kitten] Comments on draft-ietf-kitten-password-storage-02

steve@tobtu.com Mon, 23 November 2020 04:46 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/W3BRxHm1rlGlqeHG1jShioyHVMQ>

scrypt's "output length (dkLen)" of "hLen (length of the chosen hash)" is the same wording as PBKDF2, but you can't choose a hash. Also, this doesn't matter because scrypt uses PBKDF2 with 1 iteration, so it doesn't suffer from the PBKDF2 footgun.

The password hashing output length should be 128 to 256 bits. More doesn't matter and less can start getting dangerous. Also, the same applies to Argon2.
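As an added illustration (not part of Steve's message or the draft), the following Python shows the PBKDF2 "footgun" the post alludes to: a dkLen above hLen makes the defender compute extra full-iteration blocks whose prefix is just the shorter derivation, whereas scrypt's final PBKDF2 step runs one iteration, so its dkLen is nearly free. The password, salt and work parameters are constructed sample values.

```python
import hashlib
import math

# Constructed sample inputs; not taken from the mailing-list post.
PASSWORD = b"correct horse battery staple"
SALT = b"\x00" * 16
ITERATIONS = 10_000  # PBKDF2 iteration count for the demonstration


def pbkdf2_block_count(dklen: int, hash_name: str = "sha256") -> int:
    """Number of independent PBKDF2 blocks (RFC 8018, section 5.2) needed for dklen.

    Every block runs the full iteration count, so the defender's cost grows in
    steps of hLen while each block adds nothing to the work of checking the first one.
    """
    hlen = hashlib.new(hash_name).digest_size
    return math.ceil(dklen / hlen)


def pbkdf2_long_output_is_prefix_extension(dklen_long: int, dklen_short: int,
                                           hash_name: str = "sha256") -> bool:
    """The first dklen_short bytes of a long PBKDF2 output equal the short output.

    This is the footgun: asking for dkLen > hLen doubles (or worse) the verifier's
    cost without making the leading hLen bytes any harder to compute.
    """
    long_dk = hashlib.pbkdf2_hmac(hash_name, PASSWORD, SALT, ITERATIONS, dklen_long)
    short_dk = hashlib.pbkdf2_hmac(hash_name, PASSWORD, SALT, ITERATIONS, dklen_short)
    return long_dk[:dklen_short] == short_dk


def scrypt_long_output_is_prefix_extension(dklen_long: int, dklen_short: int) -> bool:
    """scrypt shows the same prefix structure, but its final PBKDF2 uses c = 1, so
    a larger dkLen costs one extra HMAC-SHA256 block, not extra memory-hard work."""
    params = dict(salt=SALT, n=2 ** 14, r=8, p=1)
    long_dk = hashlib.scrypt(PASSWORD, dklen=dklen_long, **params)
    short_dk = hashlib.scrypt(PASSWORD, dklen=dklen_short, **params)
    return long_dk[:dklen_short] == short_dk


def output_length_in_recommended_range(dklen_bytes: int) -> bool:
    """The post's guidance: 128 to 256 bits of output for a password hash."""
    return 16 <= dklen_bytes <= 32


if __name__ == "__main__":
    for dklen in (16, 32, 33, 64):
        print(f"PBKDF2-HMAC-SHA256 dkLen={dklen}: {pbkdf2_block_count(dklen)} block(s), "
              f"recommended range: {output_length_in_recommended_range(dklen)}")
    print("PBKDF2 64-byte output extends 32-byte output:",
          pbkdf2_long_output_is_prefix_extension(64, 32))
    print("scrypt 64-byte output extends 32-byte output:",
          scrypt_long_output_is_prefix_extension(64, 32))
```

Requesting 64 bytes from PBKDF2-HMAC-SHA256 therefore costs two full iteration runs, while with SHA-512 the same 64 bytes fit in one block; for scrypt the choice of dkLen changes only the cheap final expansion.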