Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-bearer-15.txt> (The OAuth 2.0 Authorization Protocol: Bearer Tokens) to Proposed Standard

[Eran Hammer <eran@hueniverse.com>]

New text:

          The probability of an attacker guessing generated tokens (and other credentials not
          intended for handling by end-users) MUST be less than or equal to 2^(-128) and SHOULD be
          less than or equal to 2^(-160).

Removed reference to RFC 1750.

EH

> -----Original Message-----
> From: John Bradley [mailto:ve7jtb@ve7jtb.com]
> Sent: Monday, February 06, 2012 5:07 PM
> To: Eran Hammer
> Cc: Julian Reschke; ietf@ietf.org; The IESG; oauth@ietf.org
> Subject: Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-bearer-15.txt> (The
> OAuth 2.0 Authorization Protocol: Bearer Tokens) to Proposed Standard
> 
> RE new text in Draft 23
> 
> http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-10.10
> 
> Generated tokens and other credentials not intended for handling by
>    end-users MUST be constructed from a cryptographically strong random
>    or pseudo-random number sequence ([RFC1750]) generated by the
>    authorization server.
> 
> Given that many implementations may elect to use signed tokens, such as
> SAML or JWT (JOSE) this should not be a MUST.
> 
> Giving people sensible defaults such as the probability of an attacker
> guessing a valid access token for the protected resource should be less than
> 2^(-128).
> 
> The probability of generating hash colisions randomly is a odd metric,  2^(-
> 128) for a SHA256 as I recall.
> Many factors play into what is secure, token lifetime etc.
> 
> I don't mind some reasonable defaults but adding a requirement for
> unstructured tokens is a bit much.
> 
> Regards
> John B.
> 
>