Re: [vwrap] authentication : remove reference to MD5

Barry Leiba <barryleiba.mailing.lists@gmail.com> Tue, 06 April 2010 21:25 UTC

In-Reply-To: <u2vb325928b1004061122u36b2d85cs2a243f2de9231505@mail.gmail.com>
References: <v2zb325928b1004060719nadbc4f76h1be1c4463578fc4a@mail.gmail.com> <4BBB7705.4060206@stpeter.im> <u2vb325928b1004061122u36b2d85cs2a243f2de9231505@mail.gmail.com>
Date: Tue, 6 Apr 2010 17:25:01 -0400
Message-ID: <r2j6c9fcc2a1004061425w7efff62fu7d6647048a6d92d3@mail.gmail.com>
From: Barry Leiba <barryleiba.mailing.lists@gmail.com>
To: Meadhbh Hamrick <ohmeadhbh@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: vwrap@ietf.org
Subject: Re: [vwrap] authentication : remove reference to MD5
List-Id: Virtual World Region Agent Protocol - IETF working group <vwrap.ietf.org>

> so if we simply said "we're going to ditch MD5 in favor of SHA256"
> there would be a problem with reverse compatibility of the
> authentication data. this is because you can't generate the pre-image
> from an MD5 MIC and then use it to generate a SHA256 MIC. (or you
> can't do that in a way that ensures that your MD5 pre image is the
> same as the password.)

The usual way to handle this is with a migration process.  Credentials
are re-hashed with the new algorithm when they're changed, over time.
After a time, there's a cutoff and users are forced to change their
credentials the next time they log in.  The old login has to be
supported as long as there are users who have not yet changed... or
until someone decides to toss those users.

Barry
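The migration Barry describes, as an added example that is not part of this thread: a credential store that still verifies legacy unsalted MD5 records, re-hashes a verified password into a salted PBKDF2-HMAC-SHA256 record (an assumed replacement scheme) and, after an assumed cutoff date, forces a password change on the next legacy login. It goes one step past the post: because the plaintext is in hand at login, re-hashing happens at the first successful login rather than only at password change, which is why no MD5 pre-image is ever needed.

```python
import hashlib
import hmac
import os

# Constructed cutoff (ISO date, compared lexicographically): from this day on a
# legacy-hashed user may still log in once, but must change the password.
LEGACY_CUTOFF = "2010-10-01"
PBKDF2_ROUNDS = 100_000  # assumed work factor for the replacement scheme


def legacy_md5(password: str) -> str:
    # Unsalted MD5 of the password: the scheme being retired.
    return hashlib.md5(password.encode()).hexdigest()


def new_record(password: str) -> dict:
    # Replacement scheme (assumed choice): salted PBKDF2-HMAC-SHA256.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"alg": "pbkdf2-sha256", "salt": salt.hex(), "hash": digest.hex()}


class CredentialStore:
    def __init__(self, records: dict):
        self.records = records  # user -> {"alg", "hash"[, "salt"]}

    def verify(self, user: str, password: str, today: str) -> str:
        rec = self.records.get(user)
        if rec is None:
            return "denied"
        if rec["alg"] == "pbkdf2-sha256":
            got = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                      bytes.fromhex(rec["salt"]), PBKDF2_ROUNDS)
            return "ok" if hmac.compare_digest(got.hex(), rec["hash"]) else "denied"
        if rec["alg"] == "md5":
            if not hmac.compare_digest(legacy_md5(password), rec["hash"]):
                return "denied"
            if today >= LEGACY_CUTOFF:
                return "ok-must-change"  # old login still honoured, but re-enrol now
            # The plaintext was just verified, so re-hash it on the spot instead of
            # waiting for a password change; no MD5 pre-image is ever needed.
            self.records[user] = new_record(password)
            return "ok-migrated"
        return "denied"  # unknown scheme: fail closed

    def change_password(self, user: str, old: str, new: str, today: str) -> bool:
        if self.verify(user, old, today) == "denied":
            return False
        self.records[user] = new_record(new)
        return True
```

The old MD5 path can be removed once no record with `"alg": "md5"` remains, which is the "support the old login as long as there are users who have not yet changed" condition from the post.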