Re: [TLS] is it good using password for authentication only?
Manuel Pegourie-Gonnard <mpg2@elzevir.fr> Sun, 19 July 2015 10:21 UTC
Return-Path: <mpg2@elzevir.fr>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2049D1A8AC0 for <tls@ietfa.amsl.com>; Sun, 19 Jul 2015 03:21:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.96
X-Spam-Level:
X-Spam-Status: No, score=-0.96 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_FR=0.35, J_CHICKENPOX_48=0.6, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q4qVTyecazEn for <tls@ietfa.amsl.com>; Sun, 19 Jul 2015 03:21:18 -0700 (PDT)
Received: from mordell.elzevir.fr (mordell.elzevir.fr [IPv6:2001:4b98:dc0:41:216:3eff:feeb:c406]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 236361A8ABD for <tls@ietf.org>; Sun, 19 Jul 2015 03:21:18 -0700 (PDT)
Received: from thue.elzevir.fr (thue.elzevir.fr [88.165.216.11]) by mordell.elzevir.fr (Postfix) with ESMTPS id 48577160B4; Sun, 19 Jul 2015 12:21:16 +0200 (CEST)
Received: from [31.133.176.74] (dhcp-b04a.meeting.ietf.org [31.133.176.74]) by thue.elzevir.fr (Postfix) with ESMTPSA id 653491FA1E; Sun, 19 Jul 2015 12:21:15 +0200 (CEST)
Message-ID: <55AB7A19.5030502@elzevir.fr>
Date: Sun, 19 Jul 2015 12:21:13 +0200
From: Manuel Pegourie-Gonnard <mpg2@elzevir.fr>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: Bingzheng Wu <bingzheng.wbz@alibaba-inc.com>, tls <tls@ietf.org>
References: <----3-------MPf3-$e9162029-e7fe-4f8d-9805-569a4c7475b1@alibaba-inc.com>, 011401d0aa68$af6818e0$0e384aa0$@alibaba-inc.com <----3-------MPf3-$9050573e-2304-452c-9b77-668deaf79dd6@alibaba-inc.com>
In-Reply-To: <----3-------MPf3-$9050573e-2304-452c-9b77-668deaf79dd6@alibaba-inc.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/QhyRbzWbc7qEbMR9O_HM6U4uY0A>
Subject: Re: [TLS] is it good using password for authentication only?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Jul 2015 10:21:20 -0000
Hi, On 6/19/15 13:03, Bingzheng Wu wrote: > I am wrong again. Adding master-secret is useless. > > Now I think that asymmetric crypto must be used to prevent offline directory attack, which is the way PAKE works as. > I'm probably wrong since I only thought about it for a few minutes, but it seems to me that the PasswordVerify message would be encrypted with (keys derived from) the handshake master secret, which would prevent offline attacks. What am I missing? > Sorry for disturbing. > Probably sorry too :) Manuel. > ------------------------------------------------------------------ > From:武炳正(允中) <bingzheng.wbz@alibaba-inc.com> > Time:2015 Jun 19 (Fri) 16:19 > To:武炳正(允中) <bingzheng.wbz@alibaba-inc.com>, tls <tls@ietf.org> > Subject:RE: [TLS] is it good using password for authentication only? > > Maybe I realize the problem. The PasswordVerify message is susceptible to > offline dictionary attacks. > > Dose it become resistant to the attack if we add some secret generated from > master-secret into the HASH? > > PasswordVerify = HASH(username, passward, handshake_message_hash, > master-secret, label) > > This becomes involved with key-exchange, but it is not involved with any > specific key-exchange method. > It just need the key-exchange result. > > > Bingzheng > > _______________________________________________ > TLS mailing list > TLS@ietf.org > https://www.ietf.org/mailman/listinfo/tls >
- [TLS] is it good using password for authenticatio… Bingzheng Wu
- Re: [TLS] is it good using password for authentic… Bingzheng Wu
- Re: [TLS] is it good using password for authentic… Bingzheng Wu
- Re: [TLS] is it good using password for authentic… Manuel Pegourie-Gonnard
- Re: [TLS] is it good using password for authentic… Thijs van Dijk
- Re: [TLS] is it good using password for authentic… Mike Hamburg
- Re: [TLS] is it good using password for authentic… Manuel Pegourie-Gonnard