Re: [TLS] one time passwords from private keys

Adam Langley <agl@imperialviolet.org> Sun, 28 February 2010 17:36 UTC


On Sun, Feb 28, 2010 at 11:58 AM, Story Henry <henry.story@bblfish.net> wrote:
> Yes, but I think that would make for a string that would be too long for a human being to type into a password field. Such a string should not be more than 5 to 6 characters long.

If we assume that the public key is widely known, then an attacker
knows all the information that the legitimate authenticator knows.
Thus the attacker can brute force the password offline, in real time.
A six character password is, roughly, 30-bits. Assuming a 1024-bit
modulus a desktop computer can probably do 2**18 public
operations/sec. A hardware implementation might be 100x faster. So it
doesn't take much to brute force that in seconds - faster than you can
expire the nonce because users only type so quickly.

>  But to help people who are stuck in bad browser land, we are trying to work on this solution, which won't be any worse than username/passwords - in fact it should be more secure, whilst hopefully giving one one username/password function for all sites.

We're aware that Google Chrome is certainly lacking in these respects
on some platforms. It's on the todo list and not too far down.


AGL

-- 
Adam Langley agl@imperialviolet.org http://www.imperialviolet.org