[OAUTH-WG] OAuth token entropy

Oleg Gryb <oleg_gryb@yahoo.com> Fri, 02 November 2012 16:16 UTC

To: torsten@lodderstedt.net
Cc: oauth@ietf.org

Can somebody please provide clarification for this:
http://tools.ietf.org/html/draft-ietf-oauth-v2-threatmodel-05#section-5.1.4.2.2

5.1.4.2.2.  High entropy of secrets...
   The probability of any two Authorization Code
   values being identical should be less than or equal to 2^(-128) and
   should be less than or equal to 2^(-160).

Is there any reason why we have two inclusive conditions in this statement or is it a typo and you meant something else?