Re: [OAUTH-WG] SPOP: Code Challenge Discussion
Bill Mills <wmills_92105@yahoo.com> Wed, 03 December 2014 18:10 UTC
Return-Path: <wmills_92105@yahoo.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C64B41A8BC2 for <oauth@ietfa.amsl.com>; Wed, 3 Dec 2014 10:10:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.59
X-Spam-Level: *
X-Spam-Status: No, score=1.59 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, FREEMAIL_REPLYTO_END_DIGIT=0.25, HTML_MESSAGE=0.001, J_CHICKENPOX_45=0.6, J_CHICKENPOX_46=0.6, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nkDk-BRYlZb7 for <oauth@ietfa.amsl.com>; Wed, 3 Dec 2014 10:10:15 -0800 (PST)
Received: from nm48-vm10.bullet.mail.bf1.yahoo.com (nm48-vm10.bullet.mail.bf1.yahoo.com [216.109.114.235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E36FC1A8AAD for <oauth@ietf.org>; Wed, 3 Dec 2014 10:10:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1417630208; bh=JApnr05dTfG8NMqJiBejqM1ZYex5k3/xzet89AGb3vs=; h=Date:From:Reply-To:To:In-Reply-To:References:Subject:From:Subject; b=EI2YvhUnMXthqzlDz94te7x4Ad59CY9MgHXMXGbqdRdRLJDccC6YjW4AI99syfV4A3JrhGNCdqLW+AGOUH2xR91CKf13uRv2HAvc7J4PgF4T1+RkZBZ8MK/WavHncSKvdPeLp3ULLBkJV0aj93NA+w5V9xSuUrMWmNDK5SV1RcJRemhpoO9MgHwCUBFV2UXfb0CI3hKctPjqZ2QoAndrIu1m3sVf/jevPo/7uEHo6IjNd0JMqd+7UK1l0QRwVBkz0wRlYDlrZ/L2L4Qykh3EazL3FJg4+lc6Ml1jLpz72sFe46hHH9ooAEYFXCEViXu2PpRuhTWYHr34otdqojJPAA==
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s2048; d=yahoo.com; b=sBJlBq2EFlaoGeZcSYGNbF9GcP/qHKydcMzu7gMbhCpEPzwhx5swbCOGFzp4PV2u/R1ZeKhqfZAPlF3g42v386Vfy/mQGGgvl43stTJaw7w3tMrBy5F5KjEFigcSZBPtKGbc7faIhlRR3QE90kSGSvYSRYuO/HCQ+1kLvhMsnrWDtFnweUltF03I7CHvpWC2BsdXRHeWBaUcio7QeGoNcEtQfCfp7wEku52Isj/qgIVO5LvA+QYg5oy1TnbL3fCPSUdpnAiR/+kVfI4SvMVCiKBbzzcQ6MBrfJ1N049VniGzZzeGdW61nZq2/FkCd802WKppgBHjcZZnARPjqvd9eg==;
Received: from [66.196.81.172] by nm48.bullet.mail.bf1.yahoo.com with NNFMP; 03 Dec 2014 18:10:08 -0000
Received: from [98.139.212.211] by tm18.bullet.mail.bf1.yahoo.com with NNFMP; 03 Dec 2014 18:10:08 -0000
Received: from [127.0.0.1] by omp1020.mail.bf1.yahoo.com with NNFMP; 03 Dec 2014 18:10:08 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 120177.78814.bm@omp1020.mail.bf1.yahoo.com
X-YMail-OSG: FbxnU3IVM1lN7Ivh_FTT.noFw0lSDjptXhQwKE8sfjEtmuq5MlTiZ8SPACGvMFN _pc_1NCqbCfebC_b96wJ9QKhhY0eP1KoTsmF5zBQ7OGlQg416zbB1I3i866VQLGIDLspBfFnXUNx 6goDFLTn3YAkm7IbugibYvCpsAUZnQqd6iLPu3L4NqHjUoCupn7Eif4xIHAofP0FXKaq3EqOWjJS t2DHyoLSArKqzG3vt0gI7_jntZoKvN2LLaPSywFXW09YwIRbrO37.i2sebYINTS67X2blnz_jAoF 4Pfbx8XICUq_Gz8zfebV7VW2iJf5PwwMq8V_skKDETkT1iOogtc_1Il7etjpdT58zvkDjGh.dO24 Gm3m5DslgseZ.GMKPibWHLuhqIFZo4YWyV1yGGWVfx8fB8TvGhbJ8.sWb4uTMkoD1KVKZp0b.skc 0dWh6oTHVY5tqvP4vxjzljH_dPkv.M07ogLk.SsfuAwI_DiWtLJPbzMWE77_vZ2HbCaBx4UAk
Received: by 76.13.27.35; Wed, 03 Dec 2014 18:10:07 +0000
Date: Wed, 03 Dec 2014 18:10:07 +0000
From: Bill Mills <wmills_92105@yahoo.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org" <oauth@ietf.org>
Message-ID: <778679063.4544892.1417630207273.JavaMail.yahoo@jws10617.mail.bf1.yahoo.com>
In-Reply-To: <547EF145.5030501@gmx.net>
References: <547EF145.5030501@gmx.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_4544891_579265890.1417630207266"
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/YMkC6hIj6bdGlYzOKZ52aVe54Hg
Subject: Re: [OAUTH-WG] SPOP: Code Challenge Discussion
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Bill Mills <wmills_92105@yahoo.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Dec 2014 18:10:17 -0000
Quoting from 7.1 "It is RECOMMENDED that the output of a suitable random number generator be used to create a 32-octet sequence." So the spec is already recommending 256 bits of randomness, is that language not clear enough? On Wednesday, December 3, 2014 3:17 AM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote: Hi all, I am trying to figure out how to progress the SPOP document and therefore I read through the discussion about the code challenge, see I wanted to share my view about this topic. As a summary, the mechanism works as follows: C: Compute code_verifier:=rand() C: Compute code_challenge:=func(code_verifier) (For this discussion, the function func() is SHA-256.) C: Send(Authz Request + code_challenge,S) S: store code_challenge S: Send(Authz Grant,C) C: Send(Access Token Request || code_verifier, S) S: Compute code_challenge':=func(code_verifier) S: IF (code_challenge'==code_challenge) THEN SUCCESS ELSE FAIL. The document currently does not say how much entropy the random number has to have. The text only talks about the output size and SHA-256 indeed produces a 256 bit output. Here is the relevant text: " NOTE: code verifier SHOULD have enough entropy to make it impractical to guess the value. It is RECOMMENDED that the output of a suitable random number generator be used to create a 32-octet sequence. " I suggest to recommend at least 128 bits, which is inline with the recommendations for symmetric ciphers in http://tools.ietf.org/html/draft-ietf-uta-tls-bcp-07 I would also suggest to reference RFC 4086 concerning the creation of random numbers. Furthermore, since you allow other hash functions to be used as well it would be good to give guidance about what the properties of those hash functions should be. You definitely want a cryptographic hash function that provides pre-image resistance, second pre-image resistance, and collision resistance. Given the size of the input and output it is impractical to compute a table that maps code_verifies to code_challenges. This mechanism provides better properties than the "plain" mechanism since it deals with an attacker that can see responses as well as requests (but cannot modify them). It does not provide any protection against a true man-in-the-middle attacker. Ciao Hannes _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
- Re: [OAUTH-WG] SPOP: Code Challenge Discussion John Bradley
- Re: [OAUTH-WG] SPOP: Code Challenge Discussion John Bradley
- [OAUTH-WG] SPOP: Code Challenge Discussion Hannes Tschofenig
- Re: [OAUTH-WG] SPOP: Code Challenge Discussion Nat Sakimura
- Re: [OAUTH-WG] SPOP: Code Challenge Discussion Hannes Tschofenig
- Re: [OAUTH-WG] SPOP: Code Challenge Discussion John Bradley
- Re: [OAUTH-WG] SPOP: Code Challenge Discussion Hannes Tschofenig
- Re: [OAUTH-WG] SPOP: Code Challenge Discussion John Bradley
- Re: [OAUTH-WG] SPOP: Code Challenge Discussion Hannes Tschofenig
- Re: [OAUTH-WG] SPOP: Code Challenge Discussion Bill Mills
- Re: [OAUTH-WG] SPOP: Code Challenge Discussion Hannes Tschofenig
- Re: [OAUTH-WG] SPOP: Code Challenge Discussion Hannes Tschofenig
- Re: [OAUTH-WG] SPOP: Code Challenge Discussion John Bradley