Re: [saag] Improving the CHAP protocol

"Dang, Quynh (Fed)" <quynh.dang@nist.gov> Sat, 05 October 2019 11:21 UTC

From: "Dang, Quynh (Fed)" <quynh.dang@nist.gov>
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, "Mark D. Baushke" <mdb=40juniper.net@dmarc.ietf.org>, Jim Schaad <ietf@augustcellars.com>
CC: "saag@ietf.org" <saag@ietf.org>
Date: Sat, 05 Oct 2019 11:21:45 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/5uLAK08QYwz4dfnfDaO-xEDapBo>

Hi all,

SHAKE128/256 is about 25% faster than SHA3-256. They both have the same level of collision resistance strength: 128 bits.

In a MAC mode (such as KMAC), SHAKE128 has 256 bits of security if the MAC key has at least 256 bits of security and the tag (output size) is at least 256 bits, for practical purposes.

https://keccak.team/2017/is_sha3_slow.html gives performance information about SHAKEs (Keccak). The site has a lot of other information about Keccak.

SHAKE128/256 is not a NIST-approved hash function for general uses. NIST will evaluate each use case of SHAKE128 and/or SHAKE256 when requested, then make a decision whether or not such use case is allowed.

Regards,
Quynh.
________________________________
From: saag <saag-bounces@ietf.org> on behalf of John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>
Sent: Thursday, September 26, 2019 3:45 AM
To: Mark D. Baushke <mdb=40juniper.net@dmarc.ietf.org>; Jim Schaad <ietf@augustcellars.com>
Cc: saag@ietf.org <saag@ietf.org>
Subject: Re: [saag] Improving the CHAP protocol

I would also prefer SHAKE compared to SHA3-256. I think SHAKE128 offers enough security for the foreseeable future, but just SHAKE256 may be better if we want a single algorithm to fulfil 256-bit security requirements from e.g. governments. Do/will any constrained IoT devices use CHAP? Then their requirements should be taken into account.

/John

-----Original Message-----
From: saag <saag-bounces@ietf.org> on behalf of "Mark D. Baushke" <mdb=40juniper.net@dmarc.ietf.org>
Date: Wednesday, 25 September 2019 at 21:11
To: Jim Schaad <ietf@augustcellars.com>
Cc: "saag@ietf.org" <saag@ietf.org>
Subject: Re: [saag] Improving the CHAP protocol

    Jim Schaad <ietf@augustcellars.com> writes:

    > If you do that, I don't know if you want SHA3-256 or SHAKE. SHAKE
    > seems to be used more from what I have seen so far.

    I think SHAKE256 is the better entry in my opinion if you want something
    for the future.

    I believe you will find implementations in popular crypto libraries
    (provided in alphabetical order) such as Bouncy Castle, Crypto++,
    Libgcrypt, and OpenSSL.

         -- Mark

    _______________________________________________
    saag mailing list
    saag@ietf.org
    https://www.ietf.org/mailman/listinfo/saag

