Re: Crypto agility in SCRAM + draft-josefsson-password-auth?

Simon Josefsson <simon@josefsson.org> Tue, 18 March 2008 01:19 UTC

From: Simon Josefsson <simon@josefsson.org>
To: Chris Newman <Chris.Newman@sun.com>
Cc: ietf-sasl@imc.org
Subject: Re: Crypto agility in SCRAM + draft-josefsson-password-auth?
References: <877ig12v5g.fsf@mocca.josefsson.org> <476A4D3077F1ED511CBDCFE8@446E7922C82D299DB29D899F>
Date: Tue, 18 Mar 2008 02:12:48 +0100
In-Reply-To: <476A4D3077F1ED511CBDCFE8@446E7922C82D299DB29D899F> (Chris Newman's message of "Mon, 17 Mar 2008 17:48:14 -0700")
Message-ID: <877ig0u967.fsf@mocca.josefsson.org>

Chris Newman <Chris.Newman@sun.com> writes:

> I am not convinced the security value of PBKDF-2 offsets the
> additional complexity it adds.  Remember there is negative security
> benefit if we use PBKDF-2 and the additional complexity pushes the
> mechanism over the edge into the "not worth implementing" category.
> It may be not a lot of complexity, but every bit matters.

Implementing PBKDF-2 is easy:

http://git.sv.gnu.org/gitweb/?p=gnulib.git;a=blob;f=lib/gc-pbkdf2-sha1.c;hb=HEAD

You can find PBKDF-2 implemented in some crypto toolkits.  Using such
toolkits may reduce implementation complexity in some environments.

There are test vectors available for PBKDF-2 and also source code
examples.  Neither is available for the Hi(HMAC()) idea in SCRAM, as far
as I can tell.

> While I would personally be fine with abandoning MD5 in favor of SHA1
> given my code toolkit has both algorithms, I'm concerned about the
> impact. Everyone's code toolkit includes MD5, but use of SHA1 is quite
> rare in applications at the moment.  Switching away from MD5 will
> create a deployment barrier.  Again, it doesn't matter how much more
> secure SHA1 is than MD5 if the SHA1-based mechanism doesn't deploy and
> an MD5-based one might have deployed.  I'd like to hear from other
> SASL implementers before making a firm decision on this one: do you
> have SHA1 in your code toolkit? If not, how hard would it be to add it
> and would that be a deployment barrier?

In my experience, these days SHA-1 is as widely available as MD5.  Any
application that implements TLS has a SHA-1 implementation somewhere.
Certainly my SASL library has no problem using SHA-1.

/Simon
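Added example, not part of the thread or of the gnulib code linked above: a from-scratch PBKDF2 with HMAC-SHA-1 as the PRF, written block by block as RFC 2898 section 5.2 describes it, and checked against the published PBKDF2-HMAC-SHA1 test vectors (RFC 6070) and against the stdlib's own `hashlib.pbkdf2_hmac`. The function and test-vector names are this example's own.

```python
import hashlib
import hmac
import struct


def pbkdf2_hmac_sha1(password: bytes, salt: bytes, iterations: int, dk_len: int) -> bytes:
    """PBKDF2 (RFC 2898 section 5.2) with HMAC-SHA-1 as the PRF."""
    h_len = hashlib.sha1().digest_size  # 20 bytes per block
    if iterations < 1:
        raise ValueError("iteration count must be positive")
    if dk_len > (2 ** 32 - 1) * h_len:
        raise ValueError("derived key too long")

    def prf(data: bytes) -> bytes:
        return hmac.new(password, data, hashlib.sha1).digest()

    n_blocks = -(-dk_len // h_len)  # ceil(dk_len / h_len)
    out = b""
    for i in range(1, n_blocks + 1):
        # U_1 = PRF(P, S || INT(i)); INT(i) is a 4-byte big-endian block index
        u = prf(salt + struct.pack(">I", i))
        t = bytearray(u)
        # U_j = PRF(P, U_{j-1}); T_i = U_1 xor U_2 xor ... xor U_c
        for _ in range(iterations - 1):
            u = prf(u)
            for k in range(h_len):
                t[k] ^= u[k]
        out += bytes(t)
    return out[:dk_len]


# Published PBKDF2-HMAC-SHA1 test vectors from RFC 6070 (password, salt, c, dkLen, DK)
RFC6070_VECTORS = [
    (b"password", b"salt", 1, 20, "0c60c80f961f0e71f3a9b524af6012062fe037a6"),
    (b"password", b"salt", 2, 20, "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"),
    (b"password", b"salt", 4096, 20, "4b007901b765489abead49d926f721d065a429c1"),
]


def matches_stdlib(password: bytes, salt: bytes, iterations: int, dk_len: int) -> bool:
    """Cross-check one derivation against hashlib.pbkdf2_hmac (covers multi-block dkLen)."""
    ours = pbkdf2_hmac_sha1(password, salt, iterations, dk_len)
    return hmac.compare_digest(ours, hashlib.pbkdf2_hmac("sha1", password, salt, iterations, dk_len))


def self_test() -> bool:
    """Return True when every RFC 6070 vector is reproduced exactly."""
    return all(pbkdf2_hmac_sha1(p, s, c, n).hex() == dk for p, s, c, n, dk in RFC6070_VECTORS)
```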