Re: [TLS] is it good using password for authentication only?

"Bingzheng Wu" <bingzheng.wbz@alibaba-inc.com> Fri, 19 June 2015 11:03 UTC

Return-Path: <bingzheng.wbz@alibaba-inc.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC0881A894E for <tls@ietfa.amsl.com>; Fri, 19 Jun 2015 04:03:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.1
X-Spam-Level:
X-Spam-Status: No, score=-1.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, J_CHICKENPOX_48=0.6, MIME_8BIT_HEADER=0.3, MIME_QP_LONG_LINE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lXD9KqdTMgi1 for <tls@ietfa.amsl.com>; Fri, 19 Jun 2015 04:03:07 -0700 (PDT)
Received: from out4133-50.mail.aliyun.com (out4133-50.mail.aliyun.com [42.120.133.50]) by ietfa.amsl.com (Postfix) with ESMTP id 6E9091A894A for <tls@ietf.org>; Fri, 19 Jun 2015 04:03:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alibaba-inc.com; s=default; t=1434711785; h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type; bh=uCocMO6y1AnR75p5Rr3q67cltFDxPLNwdRsemcLMUMQ=; b=trSZx3uKBOnF3ErtRlKkMK63bPDQHzWvFSckQA2UB1dTRpqBcJvpZv/BL2ee9yKhRe2uS/Rn5IEYY3jd72SGUgCoulRS4BZVclGEdDwnKeOdTqHbaMet1jINKs6VrmFAShinlMZaZpjO4Y3OUmTXvgPDY3NLGjQeSfjt/AGkFCo=
X-Alimail-AntiSpam: AC=PASS; BC=-1|-1; BR=01201311R141e4; FP=0|-1|-1|-1|0|-1|-1|-1; HT=r46d02008; MF=bingzheng.wbz@alibaba-inc.com; PH=DW; RN=2; RT=2; SR=0;
Received: from WS-web (bingzheng.wbz@alibaba-inc.com[42.120.74.157]) by r41g03043.xy2.aliyun.com at Fri, 19 Jun 2015 19:03:02 +0800
Date: Fri, 19 Jun 2015 19:03:02 +0800
From: "Bingzheng Wu" <bingzheng.wbz@alibaba-inc.com>
To: "=?UTF-8?B?5q2m54Kz5q2jKOWFgeS4rSk=?=" <bingzheng.wbz@alibaba-inc.com>, "tls" <tls@ietf.org>
Message-ID: <----3-------MPf3-$9050573e-2304-452c-9b77-668deaf79dd6@alibaba-inc.com>
X-Mailer: Alimail-Mailagent revision 2698616
MIME-Version: 1.0
References: <----3-------MPf3-$e9162029-e7fe-4f8d-9805-569a4c7475b1@alibaba-inc.com>, 011401d0aa68$af6818e0$0e384aa0$@alibaba-inc.com
In-Reply-To: 011401d0aa68$af6818e0$0e384aa0$@alibaba-inc.com
x-aliyun-mail-creator: W4_2697534_hLSTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgNi4xOyBXT1c2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzQzLjAuMjM1Ny4xMjQgU2FmYXJpLzUzNy4zNg==2I
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/bj8kbxeb4owQuqmvdgVbWonRGbY>
Subject: Re: [TLS] =?utf-8?q?is_it_good_using_password_for_authentication_only?= =?utf-8?q?=3F?=
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Bingzheng Wu <bingzheng.wbz@alibaba-inc.com>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Jun 2015 11:03:07 -0000

I am wrong again. Adding master-secret is useless.

Now I think that asymmetric crypto must be used to prevent offline directory attack, which is the way PAKE works as.

Sorry for disturbing.


------------------------------------------------------------------
From:武炳正(允中) <bingzheng.wbz@alibaba-inc.com>
Time:2015 Jun 19 (Fri) 16:19
To:武炳正(允中) <bingzheng.wbz@alibaba-inc.com>om>, tls <tls@ietf.org>
Subject:RE: [TLS] is it good using password for authentication only?

Maybe I realize the problem. The PasswordVerify message is susceptible to
offline dictionary attacks.

Dose it become resistant to the attack if we add some secret generated from
master-secret into the HASH?

  PasswordVerify = HASH(username, passward, handshake_message_hash,
master-secret, label)

This becomes involved with key-exchange, but it is not involved with any
specific key-exchange method.
It just need the key-exchange result.


Bingzheng