[TLS] Fwd: Re: Reply: Re: OT: WPA2-PSK vs. TLS-PSK (was about the PWD Proposal)

zhou.sujing@zte.com.cn Wed, 14 December 2011 05:56 UTC

To: "tls@ietf.org" <tls@ietf.org>
Message-ID: <OF84230A34.3BA1293F-ON48257966.0020895D-48257966.002098B0@zte.com.cn>
From: zhou.sujing@zte.com.cn
Date: Wed, 14 Dec 2011 13:55:54 +0800
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>


-Sujing Zhou
----- Forwarded by Zhou Sujing 00132831/user/zte_ltd on 2011-12-14 13:55 -----

2011-12-14 13:53

"Dan Harkins" <dharkins@lounge.org>

Reply: Re: Reply: Re: [TLS] OT: WPA2-PSK vs. TLS-PSK (was about the PWD Proposal)


-Sujing Zhou

"Dan Harkins" <dharkins@lounge.org> wrote on 2011-12-14 13:42:19:

>   Hello,
> On Tue, December 13, 2011 5:28 pm, zhou.sujing@zte.com.cn wrote:
> > Regards~~~
> >
> > -Sujing Zhou
> >
> > tls-bounces@ietf.org wrote on 2011-12-13 10:46:15:
> >
> >>
> >> On Mon, December 12, 2011 6:01 pm, Martin Rex wrote:
> >> > Off-topic:
> >>
> >>   Indeed! :-)
> >>
> >> > Dan Harkins wrote:
> >> >>
> >> >>
> >>   Protocols that lose security when deployed in the easiest and most
> >> straightforward manner (i.e. the way everyone's gonna deploy it!) are
> >> extremely fragile. To tie it all back to what this thread used to be,
> >> when one uses a password with a protocol based on a zero knowledge
> >> proof there's a certain amount of robustness and misuse resistance.
> >> You should not share a password but if you do it will not give an
> >> adversary an advantage in determining the password because it still
> >> takes 1 active attack to some other protocol participant to check each
> >> candidate password in the dictionary-- do 50 attacks against a single
> >> device or 1 attack against 50 devices, it's no different.
> >
> > Is the PWD protocol in discussion one based on zero knowledge proof?
> > I doubt it. Server knows the salted pwd at least, absolutely not zero
> > knowledge.
>   A zero knowledge proof does not mean that both sides know nothing,
> it means that a proof of knowledge of a secret is provided without
> exposing anything about the secret (or some derivative of the secret).
> The only thing an adversary can learn is whether a single guess of the
> password is correct and it takes an active attack to learn that.

A proof of knowledge should be different from zero-knowledge. If the protocol
under discussion is a real zero-knowledge protocol or a proof of knowledge, a
proof should be given showing that the attacker's view cannot be non-negligibly
distinguished from random context in the case of zero knowledge, or that the
knowledge can be extracted in the case of a proof of knowledge.

As far as I know, the most efficient PoK is based on Schnorr's scheme, while
no Pwd-based authentication scheme can be called a ZK protocol or a PoK.

> > and dictionary attack is not needed, since what is really needed to
> > authenticate the client
> > is the calculated PE (salted pwd).
> >
> >  Maybe I missed something. If I am wrong, please point it out.  Thanks!
>   Well of course if an adversary knows the calculated PE it can
> do all sorts of things. How does the adversary learn the calculated
> PE though? The protocol is resistant to any attack the adversary can
> launch against it. If the server's database of passwords (salted or not)
> is compromised then all bets are off but that's not an attack against
> the protocol.

So, there is no point considering if salt should be taken here.

>   regards,
>   Dan.
