[kitten] Comments on draft-ietf-kitten-password-storage-03
steve@tobtu.com Thu, 11 March 2021 16:57 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/_uBIC733w2jhfFTryXHrkmZ6HEs>
For the output lengths, pick a number between 16 and 32 bytes and stick with that. I'd suggest 16, 24, or 32 but it doesn't really matter.

** Argon2 and scrypt **
Just say "[pick a number] Bytes or default" with [pick a number] being whatever you picked.

** bcrypt **
bcrypt is not a KDF. So you can't pick an output length. Thus "Output length: x (internal hash function output length)" should be removed as it does not make sense.

** PBKDF2 **
PBKDF2 should never output more than "hLen (length of the chosen hash)" for password hashing. So this should be "Whichever is smaller [pick a number] Bytes or hLen (length of the chosen hash)" with [pick a number] being whatever you picked.
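
An added example, not part of the original message or the draft: a from-scratch PBKDF2-HMAC-SHA256 (RFC 8018, section 5.2) that counts HMAC calls, showing that output beyond hLen costs the server a full extra iteration run per block while the first block alone is enough to check a password. The iteration count, salt, password and function names are assumptions constructed for the demonstration.

```python
import hashlib
import hmac
import math

HASH = "sha256"
H_LEN = hashlib.new(HASH).digest_size  # hLen: 32 bytes for SHA-256
ITERATIONS = 10_000  # constructed value, kept low so the example runs quickly


def pbkdf2_block(password: bytes, salt: bytes, iterations: int, index: int) -> bytes:
    """Block T_index of PBKDF2: U_1 = HMAC(P, S || INT(index)), then chained HMACs, all XORed."""
    u = hmac.new(password, salt + index.to_bytes(4, "big"), HASH).digest()
    t = int.from_bytes(u, "big")
    for _ in range(iterations - 1):
        u = hmac.new(password, u, HASH).digest()
        t ^= int.from_bytes(u, "big")
    return t.to_bytes(H_LEN, "big")


def pbkdf2(password: bytes, salt: bytes, iterations: int, dk_len: int) -> tuple[bytes, int]:
    """Return (derived key, number of HMAC calls the caller paid for)."""
    blocks = math.ceil(dk_len / H_LEN)
    out = b"".join(pbkdf2_block(password, salt, iterations, i) for i in range(1, blocks + 1))
    return out[:dk_len], blocks * iterations


def output_length(chosen: int, h_len: int = H_LEN) -> int:
    """The rule from the message: whichever is smaller, the chosen length or hLen."""
    return min(chosen, h_len)


def check_first_block(stored: bytes, salt: bytes, iterations: int, candidate: bytes) -> bool:
    """Compare a candidate password against only block 1 of a stored hash of any length."""
    first = pbkdf2_block(candidate, salt, iterations, 1)
    n = min(len(stored), H_LEN)
    return hmac.compare_digest(first[:n], stored[:n])


if __name__ == "__main__":
    salt = b"constructed-salt"          # constructed sample input
    password = b"correct horse"         # constructed sample input
    long_key, long_cost = pbkdf2(password, salt, ITERATIONS, 64)
    short_key, short_cost = pbkdf2(password, salt, ITERATIONS, output_length(64))
    print("64-byte output HMAC calls:", long_cost)
    print("clamped output HMAC calls:", short_cost)
    print("first block identical:", long_key[:H_LEN] == short_key)
    print("block-1 check succeeds:", check_first_block(long_key, salt, ITERATIONS, password))
```
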