[OPSAWG] Question regarding RFC 7860: Password mechanism
Greg MacLellan <greg@gregmaclellan.com> Tue, 19 November 2019 03:07 UTC
Return-Path: <greg@gregmaclellan.com>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8DAE4120251 for <opsawg@ietfa.amsl.com>; Mon, 18 Nov 2019 19:07:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7oxgDacbXO66 for <opsawg@ietfa.amsl.com>; Mon, 18 Nov 2019 19:07:18 -0800 (PST)
Received: from websrv04.digitalorphans.org (websrv04.digitalorphans.org [174.142.189.117]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3C5B120255 for <opsawg@ietf.org>; Mon, 18 Nov 2019 19:07:17 -0800 (PST)
Received: (qmail 19624 invoked from network); 18 Nov 2019 22:07:15 -0500
Authentication-Results: websrv04.digitalorphans.org; spf=pass (sender IP is 209.85.217.54) smtp.mailfrom=greg@gregmaclellan.com smtp.helo=mail-vs1-f54.google.com
Received-SPF: pass (websrv04.digitalorphans.org: connection is authenticated)
Received: from mail-vs1-f54.google.com (209.85.217.54) by websrv04.digitalorphans.org with ESMTPSA (AES128-GCM-SHA256 encrypted, authenticated); 18 Nov 2019 22:07:15 -0500
Received: by mail-vs1-f54.google.com with SMTP id q21so13166505vsg.3 for <opsawg@ietf.org>; Mon, 18 Nov 2019 19:07:15 -0800 (PST)
X-Gm-Message-State: APjAAAXvJry4s1HGunwbW3snhnbcvOOqsv1klkV3urWNLzKl5Y3fGTP7 dvxJ5BOMbA55S/ox2FsrwRao4c/cJhr4Vashq6s=
X-Google-Smtp-Source: APXvYqxMCg3JILi6pFVMv/+DwaR1zmgptqzFLOtnjiFGaTF1Zb4yPD3VId8xwpZRz4kN3YBnCHwSQVCgKADl3b0sZM0=
X-Received: by 2002:a67:2c03:: with SMTP id s3mr804287vss.29.1574132835155; Mon, 18 Nov 2019 19:07:15 -0800 (PST)
MIME-Version: 1.0
From: Greg MacLellan <greg@gregmaclellan.com>
Date: Mon, 18 Nov 2019 22:07:04 -0500
X-Gmail-Original-Message-ID: <CALjx-Cd9US-HfctyRXG-F2qkR9Zw5uw0EbOCKB=Ei7WP1pb+Kg@mail.gmail.com>
Message-ID: <CALjx-Cd9US-HfctyRXG-F2qkR9Zw5uw0EbOCKB=Ei7WP1pb+Kg@mail.gmail.com>
To: opsawg@ietf.org
Content-Type: multipart/alternative; boundary="0000000000007807d60597aa5c2b"
X-PPP-Message-ID: <20191119030715.19620.49163@localhost.localdomain>
X-PPP-Vhost: gregmaclellan.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/MBHWwgkTLDIAxhu8N3yArdZilrU>
Subject: [OPSAWG] Question regarding RFC 7860: Password mechanism
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Nov 2019 03:07:20 -0000
I just came across RFC 7860 while looking for updates to the SNMPv3 authentication models. It's good to see updated hash algorithms, however, I'm confused by several aspects of section 9.3, Derivation of Keys from Passwords: 1. Why is the word "SHOULD" used for this specification? There is no alternative given, and if two systems use a different procedure, they will be unable to authenticate successfully. It seems like "MUST" would be appropriate here. 2. It specifies using the password-to-key algorithm from RFC 3414, however, it seems like this algorithm has no technical merit, and I cannot find any basis for why this is a good idea. Using a predictable 1MB input to the hash *lowers *its security as compared to using the input directly, as it drastically lowers the effective entropy. For example, the passwords "abc" and "abcabc" and "abcabcabc" are now equivalent. In addition, there is a performance cost for doing this, but without the full security benefits of an actual "slow-hash" (such as scrypt, bcrypt or PBKDF2). 3. The algorithm then says to combine `digest1 + snmpEngineID + digest1` -- why do this instead of simply `digest1 + snmpEngineID`? Once again, this incurs a performance cost but does nothing to increase the entropy or resistance to brute-force attacks. Thanks
- [OPSAWG] Question regarding RFC 7860: Password me… Greg MacLellan
- Re: [OPSAWG] Question regarding RFC 7860: Passwor… Randy Presuhn