Re: [TLS] Working Group Last Call for draft-ietf-tls-pwd

Manuel Pégourié-Gonnard <mpg@elzevir.fr> Sat, 07 December 2013 13:20 UTC

Message-ID: <52A32080.3090601@elzevir.fr>
Date: Sat, 07 Dec 2013 14:20:00 +0100
From: Manuel Pégourié-Gonnard <mpg@elzevir.fr>
To: tls@ietf.org
References: <CACaGApmwcaZuicbdk8zC7K+KPa4=Rav95GJU3t4ALLq3ENwVeg@mail.gmail.com> <6f16d6d556c68a58918423e0419d31eb.squirrel@www.trepanning.net>
In-Reply-To: <6f16d6d556c68a58918423e0419d31eb.squirrel@www.trepanning.net>
Subject: Re: [TLS] Working Group Last Call for draft-ietf-tls-pwd

On 07/12/2013 00:38, Dan Harkins wrote:
>   It's a balanced PAKE protocol. Like all such schemes (e.g. EKE, J-PAKE)
> the database of passwords is presumed to not be available to the
> attacker.
> 
It's not supposed to be available to the attacker, but as CodesInChaos pointed
out, in real life it has an annoying tendency to become available to attackers
much more often than one would like. Anyway, why do you hash & salt the passwords
in the first place, if not to offer some protection in case the database becomes
available to an attacker?

HMAC-SHA256 is a very poor protection, and weak protections are kind of worse
than no protection at all: they give an illusion of security.

Manuel.
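The point Manuel makes above (a fast salted hash offers little once the password database leaks, because the defender's cost per verification is also the guesser's cost per candidate) can be made concrete with a small comparison. The code below is an added example written for this archive page; it is not part of the thread, of draft-ietf-tls-pwd, or of any implementation of it. It assumes Python 3.6+ with an OpenSSL build that provides hashlib.scrypt, and the scrypt tuning N=2**14, r=8, p=1 is an assumed parameter choice, not one taken from the draft.

```python
import hashlib
import hmac
import os
import time

# Added example (not from the thread or from draft-ietf-tls-pwd): compares a
# fast keyed hash (HMAC-SHA256) with a deliberately slow, memory-hard KDF
# (scrypt) as the stored form of a password, to show why a fast hash gives
# little protection once the credential database has leaked.

# Assumed scrypt tuning: N=2**14, r=8, p=1 (128*N*r = 16 MiB per evaluation).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def hmac_record(password: str, salt: bytes) -> bytes:
    """Fast salted form: one HMAC-SHA256 evaluation per candidate password."""
    return hmac.new(salt, password.encode("utf-8"), hashlib.sha256).digest()


def scrypt_record(password: str, salt: bytes) -> bytes:
    """Slow, memory-hard stored form: every candidate costs 16 MiB of work."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def verify(record_fn, stored: bytes, salt: bytes, candidate: str) -> bool:
    """Recompute the stored form and compare in constant time, so the
    verifier itself does not leak how many leading bytes matched."""
    return hmac.compare_digest(stored, record_fn(candidate, salt))


def seconds_per_guess(record_fn, rounds: int = 20) -> float:
    """Average wall-clock cost of one evaluation of record_fn. This is the
    defender's cost per login and, for the same function, the cost per
    candidate for anyone holding a leaked database."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(rounds):
        record_fn(f"candidate-{i}", salt)   # constructed throwaway inputs
    return (time.perf_counter() - start) / rounds


def cost_ratio() -> float:
    """How many HMAC-SHA256 evaluations fit in the time of one scrypt
    evaluation; the larger this is, the more a leaked scrypt record slows
    offline guessing relative to a leaked HMAC record."""
    return seconds_per_guess(scrypt_record) / seconds_per_guess(hmac_record)


if __name__ == "__main__":
    salt = os.urandom(16)   # constructed: a fresh random per-user salt
    stored = scrypt_record("correct horse battery staple", salt)
    print("right password verifies:",
          verify(scrypt_record, stored, salt, "correct horse battery staple"))
    print("wrong password verifies:",
          verify(scrypt_record, stored, salt, "Tr0ub4dor&3"))
    print(f"one scrypt guess costs roughly {cost_ratio():.0f}x "
          f"one HMAC-SHA256 guess on this machine")
```

The measured ratio is hardware dependent, but on any current machine it is in the thousands: the salt stops precomputation across users, and the slow, memory-hard function is what makes each per-user guess expensive. HMAC-SHA256 provides the first property and none of the second, which is the gap the message above is pointing at.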