Re: [TLS] is it good using password for authentication only?

Manuel Pegourie-Gonnard <mpg2@elzevir.fr> Sun, 19 July 2015 10:21 UTC

Hi,

On 6/19/15 13:03, Bingzheng Wu wrote:
> I am wrong again. Adding master-secret is useless.
>
> Now I think that asymmetric crypto must be used to prevent offline dictionary attack, which is the way PAKE works.
>
I'm probably wrong since I only thought about it for a few minutes, but 
it seems to me that the PasswordVerify message would be encrypted with 
(keys derived from) the handshake master secret, which would prevent 
offline attacks.

What am I missing?

> Sorry for disturbing.
>
Probably sorry too :)

Manuel.


> ------------------------------------------------------------------
> From:武炳正(允中) <bingzheng.wbz@alibaba-inc.com>
> Time:2015 Jun 19 (Fri) 16:19
> To:武炳正(允中) <bingzheng.wbz@alibaba-inc.com>, tls <tls@ietf.org>
> Subject:RE: [TLS] is it good using password for authentication only?
>
> Maybe I realize the problem. The PasswordVerify message is susceptible to
> offline dictionary attacks.
>
> Does it become resistant to the attack if we add some secret generated from
> master-secret into the HASH?
>
>    PasswordVerify = HASH(username, password, handshake_message_hash, master-secret, label)
>
> This becomes involved with key-exchange, but it is not involved with any
> specific key-exchange method.
> It just needs the key-exchange result.
>
>
> Bingzheng
>
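Added example (not part of the thread): a Python sketch of which party holds enough inputs to recompute the PasswordVerify value from the quoted formula for a candidate password. SHA-256, the length-prefixed field encoding, the label, the assumption that the username and transcript hash are visible to an observer, and all sample values are assumptions made for this illustration.

```python
import hashlib
import hmac

LABEL = b"password verify"  # assumed; the thread does not specify the label


def password_verify(username, password, handshake_hash, master_secret=b""):
    # HASH(username, password, handshake_message_hash, master-secret, label)
    # SHA-256 and the length-prefixed encoding are assumptions of this sketch.
    h = hashlib.sha256()
    for field in (username, password, handshake_hash, master_secret, LABEL):
        h.update(len(field).to_bytes(2, "big") + field)
    return h.digest()


def guesses_matching(observed, username, handshake_hash, master_secret, wordlist):
    # A party can check candidates offline only if it knows every other input.
    return [w for w in wordlist
            if hmac.compare_digest(
                password_verify(username, w, handshake_hash, master_secret),
                observed)]


def who_can_test_guesses():
    # Constructed sample values, not taken from any real handshake.
    username, password = b"alice", b"sunshine1"
    handshake_hash = hashlib.sha256(b"constructed handshake transcript").digest()
    master_secret = hashlib.sha256(b"constructed key-exchange output").digest()
    wordlist = [b"123456", b"letmein", b"sunshine1", b"qwerty"]

    plain = password_verify(username, password, handshake_hash)
    keyed = password_verify(username, password, handshake_hash, master_secret)

    return {
        # Observer knows username, transcript hash and the hash value itself.
        "observer_vs_plain_hash": guesses_matching(
            plain, username, handshake_hash, b"", wordlist),
        # Observer does not know master-secret, so no candidate reproduces it.
        "observer_vs_keyed_hash": guesses_matching(
            keyed, username, handshake_hash, b"", wordlist),
        # The handshake peer knows master-secret; the keyed hash hides nothing
        # from it, so the result depends on that peer being authenticated.
        "peer_vs_keyed_hash": guesses_matching(
            keyed, username, handshake_hash, master_secret, wordlist),
    }


if __name__ == "__main__":
    for party, hits in who_can_test_guesses().items():
        print(party, hits)
```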