[openpgp] Fingerprint Workfactor Hardening.
Phillip Hallam-Baker <phill@hallambaker.com> Thu, 06 October 2016 18:18 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9878712974F for <openpgp@ietfa.amsl.com>; Thu, 6 Oct 2016 11:18:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.596
X-Spam-Level:
X-Spam-Status: No, score=-2.596 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YxiwJ9kTm655 for <openpgp@ietfa.amsl.com>; Thu, 6 Oct 2016 11:18:53 -0700 (PDT)
Received: from mail-wm0-x234.google.com (mail-wm0-x234.google.com [IPv6:2a00:1450:400c:c09::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 87CEE129717 for <openpgp@ietf.org>; Thu, 6 Oct 2016 11:18:53 -0700 (PDT)
Received: by mail-wm0-x234.google.com with SMTP id f193so305705930wmg.0 for <openpgp@ietf.org>; Thu, 06 Oct 2016 11:18:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:from:date:message-id:subject:to; bh=kLh9j2MEVi8iX3RjyzT7ZshAwl0l2/uQimILnTPS6UE=; b=jJr1eOe/XqV9Jfnq2cOrUOiO7UjyK+lb4+4gQ3YxRSga3ur1CwiOCfEATdPOw/X9Tg JIt0o0Wm3Kv3Qx9eOc/0wlVbR+hWRrIjbi/HFZqC0pqZ+RhCY50CYfdv/dJIlqw7TkAh u8uf0NuV7ERE2lbPs9ZFWnJprvHzzlJfZN6dtgJo8JW3aUlmmQXqOphhQvrUMavi6L16 iO3iy8Jo5xVUnBFhqgnKla55wdYP/1GZvXEDA6pyzzHBgXB2K5JXPaXsUXuixMSqAU4/ QcIU0G1oUkvPF/CQB5W2bmBeQSMkHTTChiAZYfkxA9rrLYotzOIm8KE261+Xk2sCTppt P1cg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:from:date:message-id:subject :to; bh=kLh9j2MEVi8iX3RjyzT7ZshAwl0l2/uQimILnTPS6UE=; b=G4b9Op6yutQxbHKCqlC+rkjoW+ZjjstKtmlHMsEEUM9eNS0OSem+v5T0Ww5Oi7m4OP lHmpyidAw1OAOEgHKbXRP6nZ23L7rfE9Db0YNMjwiM84DarhMx7RthBdCanCeXKJces2 g8OR3YXY8G/dBLAT9HZeHrNsDkuc0QUr6hVnhkT7KL0afkj//Yt1cWI4jzSSQHX483IV rnT4h8GCfHBzO8mEmNpjrk46TqOBUUIgr7clC976Z9I7dmosGFqPx7n3vB1rXQLImXIX 31Oo0SxM/nvR+MryNZJhpacylRnXst5wDo1QbF6mLmGDMT8nyQoPQsrXu5tgQU8dEMv3 dfpg==
X-Gm-Message-State: AA6/9Rkld+VFAz1jtxwH7OuBBgjhAggGXC00Tk+FOsY/UHvqcyOR3/aq5cKZXazalNUGxBcIMMrzSn0iUbK16Q==
X-Received: by 10.194.95.69 with SMTP id di5mr16851691wjb.54.1475777931818; Thu, 06 Oct 2016 11:18:51 -0700 (PDT)
MIME-Version: 1.0
Sender: hallam@gmail.com
Received: by 10.194.167.69 with HTTP; Thu, 6 Oct 2016 11:18:51 -0700 (PDT)
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Thu, 06 Oct 2016 14:18:51 -0400
X-Google-Sender-Auth: Mj2TBtunl-xdnIm0adVqv1bEgg8
Message-ID: <CAMm+LwjugcEcru2k0YNdqn+bduTNo5LuzvcHQbu3SYz=TOY3mA@mail.gmail.com>
To: IETF OpenPGP <openpgp@ietf.org>
Content-Type: multipart/alternative; boundary="047d7bdc8f6e64bf64053e36537e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/4As_wudTwxIonGI7LRMugikgrJA>
Subject: [openpgp] Fingerprint Workfactor Hardening.
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Oct 2016 18:18:55 -0000
I had been somewhat concerned that this might be affected by https://www.google.com/patents/US7929689 However looking through the patent, it appears that the inventive step Microsoft is claiming is the use of a salt to make this process more efficient rather than the process itself. This does not put the mechanism in the clear, we still need to go through the Microsoft lawyers to be safe. But it is a lot easier to get a company to agree that a scheme doesn't infringe than permit open use of a valid claim. I am working on the doc right now. Note this is an update of the UDF doc that has the purpose of pinging the MSFT lawyers. Compressed Presentation Fingerprint compression permits the use of shorter fingerprint presentation without a reduction in the attacker work factor by requiring the fingerprint value to match a particular pattern. UDF fingerprints MUST use compression if possible. A compressed fingerprint uses a version identifier that specifies the form of compression used as follows: 96 No compression 97 First 25 bits are zeros 98 First 40 bits are zeros 99 First 50 bits are zeros 100 First 55 bits are zeros Thus the fingerprint that would be represented in uncompressed form as MAAAA-AAWIY-LTMFTG-CZTRO is instead represented as MBWIY-LTMFTG-CZTRO.
- [openpgp] Fingerprint Workfactor Hardening. Phillip Hallam-Baker