Re: [saag] Improving the CHAP protocol
"Dang, Quynh (Fed)" <quynh.dang@nist.gov> Sat, 05 October 2019 11:21 UTC
Return-Path: <quynh.dang@nist.gov>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3525E120815 for <saag@ietfa.amsl.com>; Sat, 5 Oct 2019 04:21:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nist.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uGCNdm8ElKdv for <saag@ietfa.amsl.com>; Sat, 5 Oct 2019 04:21:49 -0700 (PDT)
Received: from GCC01-CY1-obe.outbound.protection.outlook.com (mail-eopbgr830125.outbound.protection.outlook.com [40.107.83.125]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 143BB1202DD for <saag@ietf.org>; Sat, 5 Oct 2019 04:21:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Lv2N9wVNFdAAsb1LkziUs1ke+WERoLuU/GQ+7qc86KHCGaeDtI6WbNw9QtV0cMUf8olbFg6NXZ8awlwaUGPO1ve6tOWF4CSk2+gK/Q/Vot6b0pLgzkalECB73/uOmTXGlBMqsU0YtZFI/n+teXt0inRc04zgYD0zg30wj2U/ji6jxEMZ6vS4iELij3/yJaz2z8ZqLIX8yhgo23ssZZcOqDIIlWy5kO8D5iUpbbBC18fZGvkhBrpBUilXYO+E/2U2RjZqLgFJI5k1AqxBoln8HjJ09tM7NZUVAW3c/ZAFhMgtGh9UKY0KcC4bW+CTdqIXBVs6QJLcSC0C4VdwjlSnMA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GuU/FjGRfLO9n1a6xZr+Wm655N02qrN8kVW3Qz3CL0Q=; b=lM7Q3cDJAZPlzivn7XaHMwdIiOFVWP2kA0mwBZrBS/HNlsWXJzEgZJa2HWSheXf7lCU9++lsThCG+56dnOro1G8TyE5S18vthur2vrtNn0pBL9CP3e6mzP9TLhnj/sUiGfph8H3ULVgftjC1/Q5MdRzmOADy3dSVjhzNzplscXFQrs8kr3PXQsrkI5hJXcaRh9hiyc9lAajfOFiL6zhMNH9z4OCjB2tFyETlL8LLT5QHYofQt+pg86dKYSHK35sAl92eYXpcKfBRYOOTTiY7/UwEYuTF8sgDsao1DWTgRMck6gn6uf7rmAM5RUO31TBPivcjOpj0b/HV43MGimy0pw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nist.gov; dmarc=pass action=none header.from=nist.gov; dkim=pass header.d=nist.gov; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GuU/FjGRfLO9n1a6xZr+Wm655N02qrN8kVW3Qz3CL0Q=; b=EhXwHZrR+xvYOXHkrdy1CzZzP8Ml+2jpeMvhgqSu/1sxweBL7kV4gygkQEEhOWHM+Ek38SG+HpVeXqyi6fadl+hjRoBynGAKXXT+zCdyTbPrnVxvmT6hH+ejh1cJv7aJNIgT0hAH2CEP8GRoN95N7ZnQi/w0jyuBG9zySMUwbuM=
Received: from MW2PR0901MB3785.namprd09.prod.outlook.com (52.132.153.143) by MW2PR0901MB2426.namprd09.prod.outlook.com (52.132.151.32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2327.23; Sat, 5 Oct 2019 11:21:46 +0000
Received: from MW2PR0901MB3785.namprd09.prod.outlook.com ([fe80::541d:424d:f9b6:5dd5]) by MW2PR0901MB3785.namprd09.prod.outlook.com ([fe80::541d:424d:f9b6:5dd5%7]) with mapi id 15.20.2327.023; Sat, 5 Oct 2019 11:21:46 +0000
From: "Dang, Quynh (Fed)" <quynh.dang@nist.gov>
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, "Mark D. Baushke" <mdb=40juniper.net@dmarc.ietf.org>, Jim Schaad <ietf@augustcellars.com>
CC: "saag@ietf.org" <saag@ietf.org>
Thread-Topic: [saag] Improving the CHAP protocol
Thread-Index: AQHVbhycMHNjF0f1WkKcU2xOH+ATAKc2abmAgAKtrACAAJaMgIABRZUAgAG2pICAAAjIgIAAGs6AgADSvACADl0Jqg==
Date: Sat, 05 Oct 2019 11:21:45 +0000
Message-ID: <MW2PR0901MB3785D8A402F1C63891DB577CF3990@MW2PR0901MB3785.namprd09.prod.outlook.com>
References: <9641f69d-0ffb-1c1d-7fb6-98ef4a54ad2c@redhat.com> <1569087342890.52733@cs.auckland.ac.nz> <4354cf7e-74f2-d36c-5fa0-587a2118a507@redhat.com> <CE03DB3D7B45C245BCA0D243277949363070E288@MX307CL04.corp.emc.com> <1569336830344.45369@cs.auckland.ac.nz> <CE03DB3D7B45C245BCA0D2432779493630711EBF@MX307CL04.corp.emc.com> <01ae01d573c7$97de44b0$c79ace10$@augustcellars.com> <26766.1569438669@contrail-ubm16-mdb.svec1.juniper.net>, <2558A4D5-B732-4862-9692-A86735A82BD1@ericsson.com>
In-Reply-To: <2558A4D5-B732-4862-9692-A86735A82BD1@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=quynh.dang@nist.gov;
x-originating-ip: [2610:20:6005:219::67]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 2ad95c01-8d56-4612-93e9-08d74986350c
x-ms-office365-filtering-ht: Tenant
x-ms-traffictypediagnostic: MW2PR0901MB2426:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <MW2PR0901MB242643FA60BC1F07F8ED8020F3990@MW2PR0901MB2426.namprd09.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8273;
x-forefront-prvs: 0181F4652A
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(396003)(136003)(366004)(39860400002)(376002)(189003)(199004)(53754006)(13464003)(46003)(6306002)(102836004)(52536014)(105004)(606006)(7696005)(486006)(5660300002)(476003)(76176011)(966005)(6436002)(53546011)(6506007)(6246003)(186003)(45080400002)(54896002)(55016002)(14444005)(99286004)(256004)(11346002)(14454004)(446003)(74316002)(9686003)(19627405001)(229853002)(478600001)(236005)(7736002)(76116006)(4326008)(33656002)(71190400001)(91956017)(110136005)(2906002)(8936002)(6116002)(21615005)(316002)(64756008)(66476007)(66446008)(66556008)(25786009)(81166006)(86362001)(81156014)(8676002)(66946007)(71200400001); DIR:OUT; SFP:1102; SCL:1; SRVR:MW2PR0901MB2426; H:MW2PR0901MB3785.namprd09.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: kZBJADVA3oUvR/yK9K/sKd0wmFZW33kVowzwWynM/SVHzt2ZnNo5xY2I6jMhoFcSpYYB6ZfmLpXz27MejDGu39w/SEnqOEuDOs2Gihj8Fu45uDEmHmmf2rLFvp7ASVEryW0Ei+YCG447YO67APXGAe4dkQv248NNUin6a+RE++g/39/JS6kSIeB53zCI82Bt6y7F/jJqbysGp2DaUv3q3ZFgA0ZgDrNu7sW2CTADxXASBQUtQAuD6MbQ+Ze/TjP5xc0z8Vj9rslygL26ImOnMRsZGivAv/15kPbg0wZ17xJ3ftDo4XuSvYhqnbcKIjRLJwUIJ+v+cn1Cl+ad3uG2yuxTmrjg9JvADFnB5IGIt7DY7wmooZnudM1AtiP9w5d7WNAXu51naUs/jTYaCNwLPg0wU1fm8oTqwI44bScjzGnKxEB3NjAkW3dV2lYUXA2MZfMb9w7LG44qWmwQzLgV0A==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_MW2PR0901MB3785D8A402F1C63891DB577CF3990MW2PR0901MB3785_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-Network-Message-Id: 2ad95c01-8d56-4612-93e9-08d74986350c
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Oct 2019 11:21:45.8437 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: G0ZzJKOpeIOfecRL7jYSNF8y4W33AmLtvw8uvNv8fuUxrpPv8Jukr2aStVzOSq4U
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW2PR0901MB2426
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/5uLAK08QYwz4dfnfDaO-xEDapBo>
Subject: Re: [saag] Improving the CHAP protocol
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Oct 2019 11:22:01 -0000
Hi all, SHAKE128/256 is about 25% faster than SHA3-256. They both have the same level of collision resistance strength: 128 bits. In a MAC mode (such as KMAC), SHAKE128 has 256 bits of security if the MAC key has at least 256 bits of security and the tag (output size) is at least 256 bits, for practical purposes. https://keccak.team/2017/is_sha3_slow.html gives performance information about SHAKEs (Keccak). The site has a lot of other information about Keccak. SHAKE128/256 is not a NIST-approved hash function for general uses. NIST will evaluate each use case of SHAKE128 and/or SHAKE256 when requested, then make a decision whether or not such use case is allowed. Regards, Quynh. ________________________________ From: saag <saag-bounces@ietf.org> on behalf of John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org> Sent: Thursday, September 26, 2019 3:45 AM To: Mark D. Baushke <mdb=40juniper.net@dmarc.ietf.org>; Jim Schaad <ietf@augustcellars.com> Cc: saag@ietf.org <saag@ietf.org> Subject: Re: [saag] Improving the CHAP protocol I would also prefer SHAKE compared to SHA3-256. I think SHAKE128 offer enough security for the foreseeable future, but just SHAKE256 may be better if we want a single algorithm to fulfil 256-bit security requirements from e.g. governments. Do/will any constrained IoT devices use CHAP? Then their requirements should be taken into account. /John -----Original Message----- From: saag <saag-bounces@ietf.org> on behalf of "Mark D. Baushke" <mdb=40juniper.net@dmarc.ietf.org> Date: Wednesday, 25 September 2019 at 21:11 To: Jim Schaad <ietf@augustcellars.com> Cc: "saag@ietf.org" <saag@ietf.org> Subject: Re: [saag] Improving the CHAP protocol Jim Schaad <ietf@augustcellars.com> writes: > If you do that, I don't know if you want SHA3-256 or SHAKE. SHAKE > seems to be used more from what I have seen so far. I think SHAKE256 is the better entry in my opinion if you want something for the future. I believe you will find implementations in popular crypto libraries (provided in alphabetical order) such as Bouncy Castle, Crypto++, Libgcrypt, and OpenSSL. -- Mark _______________________________________________ saag mailing list saag@ietf.org https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsaag&data=02%7C01%7Cquynh.dang%40nist.gov%7C8ac8ec7163fc4d0e38d608d742559cce%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C1%7C637050807783734465&sdata=UYupbWuiuo2Xysd%2BFTYsNPj4scK14C0v0vNPIvSJrnM%3D&reserved=0 _______________________________________________ saag mailing list saag@ietf.org https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsaag&data=02%7C01%7Cquynh.dang%40nist.gov%7C8ac8ec7163fc4d0e38d608d742559cce%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C1%7C637050807783744472&sdata=%2Fvogrn2BoNojJGWZtinoMDGbbIjvgLWEoOXN%2BnBFLqw%3D&reserved=0
- [saag] Improving the CHAP protocol Maurizio Lombardi
- Re: [saag] Improving the CHAP protocol Mark D. Baushke
- Re: [saag] Improving the CHAP protocol Kathleen Moriarty
- Re: [saag] Improving the CHAP protocol Black, David
- Re: [saag] Improving the CHAP protocol Kathleen Moriarty
- Re: [saag] Improving the CHAP protocol Peter Gutmann
- Re: [saag] Improving the CHAP protocol Yoav Nir
- Re: [saag] Improving the CHAP protocol Peter Gutmann
- Re: [saag] Improving the CHAP protocol Alan DeKok
- Re: [saag] Improving the CHAP protocol John Mattsson
- Re: [saag] Improving the CHAP protocol Peter Gutmann
- Re: [saag] Improving the CHAP protocol Maurizio Lombardi
- Re: [saag] Improving the CHAP protocol Black, David
- Re: [saag] Improving the CHAP protocol Alan DeKok
- Re: [saag] Improving the CHAP protocol Peter Gutmann
- Re: [saag] Improving the CHAP protocol Black, David
- Re: [saag] Improving the CHAP protocol Salz, Rich
- Re: [saag] Improving the CHAP protocol Jim Schaad
- Re: [saag] Improving the CHAP protocol Black, David
- Re: [saag] Improving the CHAP protocol Mark D. Baushke
- Re: [saag] Improving the CHAP protocol John Mattsson
- Re: [saag] Improving the CHAP protocol Dang, Quynh (Fed)