IETF Logo Mail Archive

Re: [kitten] I-D: Best practices for password hashing and storage

Simon Josefsson <simon@josefsson.org> Tue, 28 April 2020 22:43 UTC

Return-Path: <simon@josefsson.org>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D683B3A0764 for <kitten@ietfa.amsl.com>; Tue, 28 Apr 2020 15:43:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=josefsson.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZuZvHtGBcPEh for <kitten@ietfa.amsl.com>; Tue, 28 Apr 2020 15:43:36 -0700 (PDT)
Received: from duva.sjd.se (duva.sjd.se [IPv6:2001:9b1:8633::105]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5DB833A0762 for <kitten@ietf.org>; Tue, 28 Apr 2020 15:43:35 -0700 (PDT)
Received: from latte (31-208-42-58.cust.bredband2.com [31.208.42.58]) (authenticated bits=0) by duva.sjd.se (8.15.2/8.15.2/Debian-8) with ESMTPSA id 03SMhKOc000472 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 28 Apr 2020 22:43:21 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=josefsson.org; s=default; t=1588113801; bh=2PabogFWLE3qkmoeEa/s8wx5Ha4SFJE8xWSrZ0WIorY=; h=From:To:Cc:Subject:References:Date:In-Reply-To:From; b=Un4zDy7CKjzjI6WMFu1DuSzp4BFQQssKYqdT8MKdKEkLp0ZHcBVso4k4iOzJQ3unm y8wHIOPOH5N8yWmFpNjTE1VsqxOuUv9ObRXrNhKDCoTcBmX7h0Dlhg0SaFU5aRBXkO BWfxYTf66lw9AY+fExbaFo1JxUKtVWZyy5XCq9JAe+HMvPL/zQmPlTXx2W6HUECVTA XtWHgPB6gqHW8c5cFVRomjIMJ7gSoI1e5GlNOpHLZZ/45anoYC4kk5HcDSZBMQ9DOk a3jm5WquoEVHBSBVB5YH/XxLE/qwHEKiF4SQKGGsVltuovFc9mmmCt6PjvO4JVLinM 8mRIb6pQNqsGw==
From: Simon Josefsson <simon@josefsson.org>
To: Sam Whited <sam@samwhited.com>
Cc: KITTEN Working Group <kitten@ietf.org>
References: <feda3e13-dc28-4f8e-8360-90853f649add@www.fastmail.com>
OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=https://josefsson.org/key-20190320.txt
X-Hashcash: 1:22:200428:kitten@ietf.org::9ok0REy99C+ZUIn3:vme
X-Hashcash: 1:22:200428:sam@samwhited.com::X5m5nD1YDBEyNWsr:9tso
Date: Wed, 29 Apr 2020 00:43:20 +0200
In-Reply-To: <feda3e13-dc28-4f8e-8360-90853f649add@www.fastmail.com> (Sam Whited's message of "Mon, 27 Apr 2020 09:31:52 -0400")
Message-ID: <87lfmfkz93.fsf@latte.josefsson.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
X-Virus-Scanned: clamav-milter 0.102.2 at duva.sjd.se
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/t8Yms70uBrbL-F_LP4Olim4WJrE>
Subject: Re: [kitten] I-D: Best practices for password hashing and storage
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Apr 2020 22:43:39 -0000

Hi,

Nice work!  Some minor comments:

  1) I consider PLAIN worse than DIGEST/CRAM-MD5.  Maybe it will help
  the reader understand better if you explain the criteria for sorting.

  2) By describing how implementations should handle credentials for
  PLAIN, it encourages continued use of PLAIN.  PLAIN is a bad idea from
  many perspectives.  I believe that it is better to say that if any
  work to improve security is done on a client or server that uses
  PLAIN, it should be to move to SCRAM-SHA-256, not to implement various
  mitigations.  Mitigations prolongs the transition pain and deter focus
  from the process of moving away from PLAIN.

/Simon

"Sam Whited" <sam@samwhited.com> writes:

> Hi all,
>
> I've been working on a document making recommendations for password
> hashing and storage (possibly with a focus on SASL). I was encouraged to
> turn it into an I-D and ask if it was something the KITTEN WG would be
> interested in? If so, what would the process look like going forward?
>
> The initial draft has been uploaded here:
> https://datatracker.ietf.org/doc/draft-whited-kitten-password-storage/
>
> As an I-D the scope of the document is potentially much broader than the
> one I was originally writing, so suggestions for anything else that
> might be useful to include would be welcome. For example, adding a
> section on how to properly tune KDFs for your service might be a good
> future addition.
>
> —Sam

v2.23.0 | Report a Bug | By Email