Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hmac-sha2-08
Nico Williams <nico@cryptonector.com> Tue, 19 January 2016 01:24 UTC
Return-Path: <nico@cryptonector.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE3561A876E for <kitten@ietfa.amsl.com>; Mon, 18 Jan 2016 17:24:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.467
X-Spam-Level:
X-Spam-Status: No, score=-0.467 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wMm9cfsjPjd1 for <kitten@ietfa.amsl.com>; Mon, 18 Jan 2016 17:24:18 -0800 (PST)
Received: from homiemail-a74.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id 709691A876B for <kitten@ietf.org>; Mon, 18 Jan 2016 17:24:18 -0800 (PST)
Received: from homiemail-a74.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a74.g.dreamhost.com (Postfix) with ESMTP id 4B73567C06B; Mon, 18 Jan 2016 17:24:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h=date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=cryptonector.com; bh=fwGYVrbDZtppf9 RSRD2Jgj0+16k=; b=DGp2IMJHJfWe+xxIHgOAOjknwjuo1DopvzYdZtA3oRHLji 4E2s/L7nYb4fjJH9QaKPkVIyVWLHWAu9DIVNZ6QDCH/8wFH/pEdNajAUg4GUwsfr 7Kuh/8wENIPYVGiM40YOMMBn69mBW6zj9PMtqWpoKDmZGyDjItgnnZQCGO2fg=
Received: from localhost (108-207-244-100.lightspeed.austtx.sbcglobal.net [108.207.244.100]) (Authenticated sender: nico@cryptonector.com) by homiemail-a74.g.dreamhost.com (Postfix) with ESMTPA id 9DC6C67C065; Mon, 18 Jan 2016 17:24:17 -0800 (PST)
Date: Mon, 18 Jan 2016 19:24:16 -0600
From: Nico Williams <nico@cryptonector.com>
To: Greg Hudson <ghudson@mit.edu>
Message-ID: <20160119012415.GY6027@localhost>
References: <alpine.GSO.1.10.1601060014510.26829@multics.mit.edu> <56992BA6.7040309@mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <56992BA6.7040309@mit.edu>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <http://mailarchive.ietf.org/arch/msg/kitten/yAj0GErxYTqy6FKCPYm-SOfW7Ic>
Cc: kitten@ietf.org
Subject: Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hmac-sha2-08
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jan 2016 01:24:19 -0000
On Fri, Jan 15, 2016 at 12:25:58PM -0500, Greg Hudson wrote: > I did another read-through of the draft. I found some minor issues, > which I hope can be resolved without requiring another WGLC. I did as well. I don't have anything substantial to add to your comments: > * Section 8 says, "The salt and iteration count resist brute force and > dictionary attacks, however, it is still important to choose or generate > strong passphrases." This is a run-on sentence; the comma preceding > "however" should be a semicolon. The use PBKDF2, a salt, and a large iteration count, adds some resistance to off-line dictionary attacks by passive eavesdroppers. Salting prevents rainbow table attacks, while large iteration counts slow password guess attempts. Nonetheless, it is important to choose strong passphrases, and/or to use other Kerberos extensions that protect against off-line dictionary attacks. For example, FAST [RFC6113] with a suitable armor ticket, or a future password- authenticated key exchange (PAKE) pre-authentication method. > * Section 8.1 says, "ktutil's add_entry command assumes the default > salt." That might be too specific; I suggest "Some key table > manipulation programs assume the default salt when adding entries based > on passwords." Even the words "key table" are a bit too specific. The salient point is that non-interaction with the KDC implies not knowing the salt; utilities that need a salt but do not or cannot interact with a KDC to find out what the salt is need a default salt, and that needs to work else such utilities cannot. ktutil in particular could have an option to learn the salt, but if it has to work off-line then it cannot. Lastly, as to not every random salt being a UTF-8 string, it is possible to increase the length of the salt to accomodate any NIST guidance as to entropy content of salts when they are generated. Nico --
- [kitten] WGLC on draft-ietf-kitten-aes-cts-hmac-s… Benjamin Kaduk
- Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Benjamin Kaduk
- Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Greg Hudson
- Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Benjamin Kaduk
- Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Nico Williams
- Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Kenneth G Raeburn
- Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Nico Williams
- Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Benjamin Kaduk
- Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Jeffrey Altman
- Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Benjamin Kaduk
- Re: [kitten] WGLC on draft-ietf-kitten-aes-cts-hm… Jeffrey Altman