Re: [secdir] secdir review of draft-harkins-salted-eap-pwd-06
Stefan Winter <stefan.winter@restena.lu> Mon, 10 October 2016 07:03 UTC
To: Simon Josefsson <simon@josefsson.org>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
References: <87fuosqtkh.fsf@latte.josefsson.org> <66a779c8-d87b-7c70-c7cf-7eabc48f9880@lounge.org> <20160924111622.6d1308ce@latte.josefsson.org> <69d90890-3c84-46e2-d1ef-0e264e28d568@lounge.org> <CAHbuEH5U5HmAkxhVqv_z9pB98bH6FcdYb3SJV5Odr88bUJYowQ@mail.gmail.com> <20161010081355.2a597c69@latte.josefsson.org>
From: Stefan Winter <stefan.winter@restena.lu>
Message-ID: <a4501c48-60f1-6bcd-aa56-83f7c4948293@restena.lu>
Date: Mon, 10 Oct 2016 09:03:22 +0200
In-Reply-To: <20161010081355.2a597c69@latte.josefsson.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/E8t5aqPcpTCN8zuBtTC6t-ucCUI>
Cc: draft-harkins-salted-eap-pwd.all@ietf.org, "secdir@ietf.org" <secdir@ietf.org>
Hello,

> I still believe it is a bad idea to describe non-iterative password
> protection schemes at all. We have had 15+ years of bad incidents with
> salted password databases that suggest it is time to stop doing that.

This is not the ocean this draft attempts to boil. The draft does not make any recommendations about how to store passwords. It attempts to make password databases usable with a new EAP type.

I don't think you are actually stating that salt-hash databases don't exist in massive amounts in deployed reality? Because saying so would be quite silly; they do exist.

If we were to ignore that deployed reality and spec the draft merely around PBKDF2 and some, we'd have an EAP type supporting only a tiny fraction of password databases out there. All the rest of deployed reality is left without a good zero-knowledge EAP type and remains stranded with "traditional" PKIX-style server validations with either a cleartext password or a lousy NT-Hash inside the TLS tunnel - which, as our experience in a world-scale EAP-based roaming consortium shows, means: no protection at all for many, because end users ignore all certificate warnings given half a chance.

It is actually quite easy to improve security for virtually everybody using EAP: it's these few paragraphs in the draft which describe how to use salted databases.

Greetings,

Stefan Winter

--
Stefan WINTER
Research Engineer
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66