Re: [saag] SHA-1 to SHA-n transition

Eric Rescorla <ekr@networkresonance.com> Tue, 03 March 2009 17:34 UTC

Date: Tue, 03 Mar 2009 09:57:24 -0800
From: Eric Rescorla <ekr@networkresonance.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: saag@ietf.org, mouse@Rodents-Montreal.ORG, Nicolas.Williams@sun.com

At Wed, 04 Mar 2009 05:34:15 +1300,
Peter Gutmann wrote:
> 
> Jeffrey Hutzelman <jhutz@cmu.edu> writes:
> 
> >How do you expect users to remember not to give away their passwords when
> >they can't be bothered to remember to wash their hands or look both ways
> >before crossing a street?
> 
>  site_password = HMAC( user_password || 128-bit salt, site_URL );
> 
> (or assorted variations thereof, there are a pile of password-fortification 
> techniques around, and all manner of free and low-cost commercial products 
> that implement them).  That way even if they hand their password over to a 
> phisher, it won't do the phisher much good.
> 
> At this point I expect the peanut gallery to jump in with the usual million or
> so corner cases where this won't work, but the important point is that the
> above would help most of the people most of the time, and in particular it'd
> help the demographic who are most likely to fall into phisher traps, i.e. non-
> technical people for whom the standard "the salt isn't portable across my
> eight computers and three laptops and therefore your scheme isn't worth
> trying" objection doesn't apply.

Peter,

While I think this general class of solutions has some utility,
the difficulty is that it requires some UI mechanism to stop the
phisher from convincing the user to type their password
into a dialog which goes directly to the phisher rather
than being hashed. I'm unaware of any general solution to that
problem, and this is not really a corner case but rather the
main case.

-Ekr
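
The following is an added example, not code from either poster. It sketches the quoted derivation and the failure case raised in the reply. Assumptions: HMAC-SHA-256, the key is the password concatenated with the salt, the message is the lowercased hostname, and the output is base64-encoded; all function names are hypothetical.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit


def site_identifier(url: str) -> str:
    """Reduce a URL to its hostname so path and query do not change the result."""
    host = urlsplit(url).hostname  # urlsplit already lowercases the hostname
    if not host:
        raise ValueError(f"no hostname in URL: {url!r}")
    return host


def site_password(user_password: str, salt: bytes, url: str, length: int = 20) -> str:
    """site_password = HMAC(user_password || 128-bit salt, site_URL).

    Assumed here: SHA-256 as the hash, password||salt as the HMAC key,
    the hostname as the message, URL-safe base64 as the output encoding.
    """
    if len(salt) != 16:
        raise ValueError("salt must be 128 bits (16 bytes)")
    key = user_password.encode("utf-8") + salt
    mac = hmac.new(key, site_identifier(url).encode("utf-8"), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode("ascii")[:length]


def value_seen_by_site(typed_into_helper: bool, user_password: str,
                       salt: bytes, page_url: str) -> str:
    """Model what a page receives, depending on where the user typed.

    If the password goes through the hashing helper, the page only gets the
    value bound to its own hostname. If the user types into a field the page
    controls directly, the helper never runs and the raw password is sent.
    """
    if typed_into_helper:
        return site_password(user_password, salt, page_url)
    return user_password


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    salt = bytes(range(16))
    master = "correct horse battery staple"
    real = "https://bank.example/login"
    lookalike = "https://bank.example.evil.test/login"
    print("real site      :", site_password(master, salt, real))
    print("lookalike site :", value_seen_by_site(True, master, salt, lookalike))
    print("helper bypassed:", value_seen_by_site(False, master, salt, lookalike))
```
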