Re: [kitten] Comments on draft-ietf-kitten-password-storage-04
steve@tobtu.com Sun, 21 March 2021 01:35 UTC
Return-Path: <steve@tobtu.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B04C3A1132 for <kitten@ietfa.amsl.com>; Sat, 20 Mar 2021 18:35:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.004
X-Spam-Level:
X-Spam-Status: No, score=0.004 tagged_above=-999 required=5 tests=[RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6lCSIrwfxP6p for <kitten@ietfa.amsl.com>; Sat, 20 Mar 2021 18:35:36 -0700 (PDT)
Received: from mout.perfora.net (mout.perfora.net [74.208.4.194]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 52FEA3A1180 for <kitten@ietf.org>; Sat, 20 Mar 2021 18:35:33 -0700 (PDT)
Received: from oxusgaltgw01.schlund.de ([10.72.72.47]) by mrelay.perfora.net (mreueus003 [74.208.5.2]) with ESMTPSA (Nemesis) id 0Lr0UP-1lsBsN0meZ-00egxI for <kitten@ietf.org>; Sun, 21 Mar 2021 02:35:32 +0100
Date: Sat, 20 Mar 2021 20:35:31 -0500
From: steve@tobtu.com
To: "kitten@ietf.org" <kitten@ietf.org>
Message-ID: <2110984725.110415.1616290531763@email.ionos.com>
In-Reply-To: <E4D53992-EFFD-4938-8427-D276B5A0A178@bluepopcorn.net>
References: <E4D53992-EFFD-4938-8427-D276B5A0A178@bluepopcorn.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3
Importance: Normal
X-Mailer: Open-Xchange Mailer v7.10.4-Rev20
X-Originating-Client: open-xchange-appsuite
X-Provags-ID: V03:K1:lrpzgZ4+JFXjcytbHIUj/JEfPF4huaTjyPTN1QuaunCqMWRehJv v1WBfFwGTrkxSow4okdNAn4Hj6yaFZ6AfSqPOI9akxwd5mIplw0ylrJyT6Qx/kDPXnczSV8 7pzyGWN3+ICu/Sr+L24yU2uUVtJJHjcoV+9NzWjMhOLFVkGiFOILfXOrVHZNV20sUsV/MoQ oCXnedhUYT+KrALv+be/g==
X-UI-Out-Filterresults: notjunk:1;V03:K0:7LLh7dlY7BA=:bpILyz9bwvbtzvs7r7174T SkDWnsuNCQIxndjfrrImNHYn12/Y/qSn+nrcb02E4hB5XuXczfTgdOl4H9i7QBiuscEye32YR /fBXujWsbeqssNrO3I2tLOtaJ21pzAir9s8EWtwk6iytK25dvAzqBL6OX2luHzAoyJzjeAx/k L2Bq83pzFBjHAJYZeCKmzXSO5+RQO0MM6FNmfpwgV1b+/zruFi+XPkzgqxrXgsOQ4Dt8dwO4P swypLY992R+786otzHI7pAu4FoHNlYTa/uBb0gsZm3XBSVJC7Zvbi6XXWPpTqA6Z5hIZ5VTdP 2IHteYf89YLCLlAdC8cKE7Ys9cNHHQ0HamtEqYmcsJttcKhdx//1MCzGOCYMsXXruULlFbRdr +Ke0n/mTNuIFzd6ta/B6uD/6Achg2a4awhxxkLrMP4reLm0GAeToKwaXpAViK
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/YiWZqCpezT9qkIsM4n9yj5JmwiA>
Subject: Re: [kitten] Comments on draft-ietf-kitten-password-storage-04
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Mar 2021 01:35:41 -0000
Note on OWASP, it is going through massive changes and should not be looked at for about a week. Also settings are now based on benchmarks or theoretical speeds, except bcrypt because "9 feels low". Argon2id: m=37 MiB, t=1, p=1 m=15 MiB, t=2, p=1 bcrypt: cost 12 PBKDF2: HMAC-SHA1: 720,000 iterations HMAC-SHA256: 310,000 iterations HMAC-SHA512: 120,000 iterations > On 03/20/2021 7:31 PM Jim Fenton <fenton@bluepopcorn.net> wrote: > > > Some comments on the draft: > > Abstract: “other authentication secrets”: There are authentication > secrets with high enough entropy that iterated/salted/peppered storage > is overkill. An example (although I’m not sure how relevant to SASL) > is a secret used for generating time-based one-time passwords; in this > case you can’t hash the secret at all. I’d suggest targeting this > more specifically to modest-entropy secrets (memorized secrets being the > obvious example). > > 1.1 Pepper definition: “They must not be stored alongside…” This > is a normative MUST, so all caps. But the better place to put a > normative requirement like this is probably in section 4.2 rather than > in the definition. > > 3.1 “man in the middled”: aside from the verbing of a common term, > this is inappropriately gendered. Suggest “has successfully executed > an in-the-middle attack” > > 3.2 “authenticators”: suggest “authentication secrets” (2 > places). Similarly in 4.1; perhaps other places. > > 4.1: I’m concerned that the MUST NOT here conflicts with the SHOULD > NOT regarding OBSOLETE and LIMITED mechanisms in Section 2. Of course, > MD5 is not an SASL mechanism per se, and “support any mechanism” in > this context may not necessarily mean an SASL mechanism, but I still > found this vaguely confusing. > > 4.2: “more up to date numbers may be found in [OWASP.CS.passwords]” > I couldn’t find this in the OWASP recommendations. As I think I > commented before, I think the salt and pepper minimums are too large. > Salt is needed to make rainbow tables impractical and to deduplicate > entries with the same password, so 32 bits should be sufficient (this > value is used in NIST SP 800-63B). The pepper value needs to be large > enough to resist brute-force and other likely attacks; NIST SP 800-131A > specifies 112 bits. I’d suggest not getting carried away on the > minimums. > > 4.3: “using a cryptographically secure hash such as SHA256” is a > poor example because elsewhere it says not to use plain SHA256 since > it’s fast. Suggest you use a real KDF as an example. > > 5.2: Bcrypt is no longer the current (top) OWASP recommendation. > > 7: Suggest saying something about Unicode characters and password > length, that the 8 character minimum doesn’t mean 8 bytes of Unicode. > SP 800-63B says, “Each Unicode code point SHALL be counted as a single > character” which is better but I’m not sure is the perfect wording > since accents, etc. are code points and the Scottish flag is apparently > 7 code points. > > -Jim > > _______________________________________________ > Kitten mailing list > Kitten@ietf.org > https://www.ietf.org/mailman/listinfo/kitten
- Re: [kitten] Comments on draft-ietf-kitten-passwo… Jim Fenton
- [kitten] Comments on draft-ietf-kitten-password-s… Jim Fenton
- Re: [kitten] Comments on draft-ietf-kitten-passwo… steve
- Re: [kitten] Comments on draft-ietf-kitten-passwo… Sam Whited
- Re: [kitten] Comments on draft-ietf-kitten-passwo… Sam Whited
- Re: [kitten] Comments on draft-ietf-kitten-passwo… steve
- Re: [kitten] Comments on draft-ietf-kitten-passwo… Sam Whited
- Re: [kitten] Comments on draft-ietf-kitten-passwo… steve
- Re: [kitten] Comments on draft-ietf-kitten-passwo… Jim Fenton
- Re: [kitten] Comments on draft-ietf-kitten-passwo… Sam Whited