Re: [vwrap] MD5 must die [was: Re: authentication : remove reference to MD5]
Joshua Bell <josh@lindenlab.com> Tue, 06 July 2010 20:50 UTC
Return-Path: <josh@lindenlab.com>
X-Original-To: vwrap@core3.amsl.com
Delivered-To: vwrap@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
with ESMTP id 9B96F3A693B for <vwrap@core3.amsl.com>;
Tue, 6 Jul 2010 13:50:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.117
X-Spam-Level:
X-Spam-Status: No,
score=-0.117 tagged_above=-999 required=5 tests=[BAYES_20=-0.74,
FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pMpzclMwcPmw for
<vwrap@core3.amsl.com>; Tue, 6 Jul 2010 13:50:21 -0700 (PDT)
Received: from mail-vw0-f44.google.com (mail-vw0-f44.google.com
[209.85.212.44]) by core3.amsl.com (Postfix) with ESMTP id 90ABB3A6807 for
<vwrap@ietf.org>; Tue, 6 Jul 2010 13:50:19 -0700 (PDT)
Received: by vws14 with SMTP id 14so6522462vws.31 for <vwrap@ietf.org>;
Tue, 06 Jul 2010 13:50:19 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.220.61.9 with SMTP id r9mr2407733vch.263.1278449419166;
Tue, 06 Jul 2010 13:50:19 -0700 (PDT)
Received: by 10.220.181.132 with HTTP; Tue, 6 Jul 2010 13:50:19 -0700 (PDT)
In-Reply-To: <AANLkTinO1OF59fjL9O97lFmvxK01_3YBmnWs5_dCeNbr@mail.gmail.com>
References: <AANLkTinO1OF59fjL9O97lFmvxK01_3YBmnWs5_dCeNbr@mail.gmail.com>
Date: Tue, 6 Jul 2010 13:50:19 -0700
Message-ID: <AANLkTim1gBzeY8UinY5yyq2eClk5t3lm4_JJ3A5faKts@mail.gmail.com>
From: Joshua Bell <josh@lindenlab.com>
To: vwrap@ietf.org
Content-Type: multipart/alternative; boundary=e0cb4e8873dd7e23dd048abe33ab
Subject: Re: [vwrap] MD5 must die [was: Re: authentication : remove reference
to MD5]
X-BeenThere: vwrap@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual World Region Agent Protocol - IETF working group
<vwrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/vwrap>,
<mailto:vwrap-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/vwrap>
List-Post: <mailto:vwrap@ietf.org>
List-Help: <mailto:vwrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vwrap>,
<mailto:vwrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jul 2010 20:50:22 -0000
On Tue, Jul 6, 2010 at 12:19 PM, Meadhbh Hamrick <ohmeadhbh@gmail.com>wrote;wrote: > MD5 is bad, i think we all agree. US-CERT's advisory "MD5 vulnerable > to collision attacks" @ http://www.kb.cert.org/vuls/id/836068 explains > why. > > we had a couple of good recommendations: > > 1. patnad and barry said, "just force people to re-register and store > the new password hash." and that's probably a good idea. > > 2. sean mentioned, "just keep legacy SL running the old system while > everyone else uses the new." and that's probably a good idea too. > > 3. we could also do something funky like say that for peeps like SL, > hash the password first with MD5, and then with SHA256. (i.e. - you > use the MD5 hash as the shared secret instead of the password.) > > linden unfortunately has a bazillion users whose passwords are > "stored" as MD5 hashes. and i wanted to ask josh and/or joe (who as > far as i know) still work at linden... what do you think about this? > is there a preference from linden? you guys are going to be the most > affected. (speaking as participant) Yep, still here. No preference from Linden; I think you should disregard Linden needs on this particular issue. * (1) is, of course, a possible option; * (2) could be satisfied by Linden releasing a technical note (etc) on an extension to VWRAP Auth that "introduces" algorithm=md5 (i.e. puts back the text that is proposed to be cut); this would be sufficient for clients that wished to auth against both "vanilla" VWRAP and potentially special-case SL * (3) ditto, as a way of doing #2 with increased security during transport ("md5+sha256") - nice thought, Meadhbh! * And, of course, there's the option of doing out-of-band authentication using OpenID (etc) via CALM or the equivalent. None of these appear to require codifying in the spec now, as long as there are no "MUST NOT" requirements that forbid extensions (which would be bad anyway), and Linden doesn't have sufficient data to commit to a particular approach at this time. Joshua
- [vwrap] MD5 must die [was: Re: authentication : r… Meadhbh Hamrick
- Re: [vwrap] MD5 must die [was: Re: authentication… Peter Saint-Andre
- Re: [vwrap] MD5 must die [was: Re: authentication… Marshall Eubanks
- Re: [vwrap] MD5 must die [was: Re: authentication… Joshua Bell