From: Joseph Reynolds <jrey@linux.ibm.com>
To: Michael Richardson <mcr@sandelman.ca>,
openbmc <openbmc@lists.ozlabs.org>
Subject: Re: SPAKE, DTLS and passwords + aPAKE and SCRAM
Date: Tue, 5 Oct 2021 10:24:59 -0500 [thread overview]
Message-ID: <a9a07a2a-c093-affa-9d90-bb04d82b9b05@linux.ibm.com> (raw)
In-Reply-To: <17277.1633384075@localhost>
On 10/4/21 4:47 PM, Michael Richardson wrote:
> Joseph Reynolds <jrey@linux.ibm.com> wrote:
> > The planned IPMI over DLTS function will have certificate-based
> > authuentication.
>
> Do you mean that the server will be authenticated with a certificate, or that
> it will use mutual authentication?
>
> > For our use cases, we would like to add password-based
> > authentication, and we want to do so as securely as possible, meaning what
> > protocol we should use. In particular, we want to know if we should avoid
> > sending a “cleartext” password (tunneled over DTLS) to the server.
>
> If it can be avoided, yes.
>
> https://www.rfc-editor.org/rfc/rfc8125.html#section-3.1 suggests that all
> the PAKE candidates (whether balanced or augmented) satisfy this.
> I strongly suggest that a PAKE be used.
> The CHIP/MATTER IoT people are using
> https://datatracker.ietf.org/doc/draft-bar-cfrg-spake2plus/
> although the IRTF CFRG hasn't adopted that document yet. I don't know
> exactly where they are with it. But, I expect you will find many libraries
> going forward.
>
Michael, thanks for your reply. I got feedback from my people (but my
skillset is too weak to interpret it):
Weakness of SRP (Secure Remote Password):
- Server spoofing, there is nothing that prevents a server from being
spoofed.
- Widely adopted with very little proof of being cryptographically
secure and has been shown vulnerable to pre-computation attacks
- No feasible way to check for password complexity in the protocol
(true for most aPAKE - asymmetric Password Authenticated Key Exchange)
- Some debate over if actually provides forward secrecy.
Recommendation to look at at OPAQUE aPAKE:
https://blog.cloudflare.com/opaque-oblivious-passwords/
Suggestion to use SCRAM
https://en.wikipedia.org/wiki/Salted_Challenge_Response_Authentication_Mechanism
-Joseph
...snip...
>
> --
> ] Never tell me the odds! | ipv6 mesh networks [
> ] Michael Richardson, Sandelman Software Works | IoT architect [
> ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
>
>
>
>
next prev parent reply other threads:[~2021-10-05 15:25 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-29 1:35 Security Working Group meeting - Wednesday September 29 Joseph Reynolds
2021-10-04 15:15 ` Joseph Reynolds
2021-10-04 21:47 ` SPAKE, DTLS and passwords Michael Richardson
2021-10-05 14:50 ` Joseph Reynolds
2021-10-05 15:09 ` Michael Richardson
2021-10-05 16:22 ` Joseph Reynolds
2021-10-05 15:24 ` Joseph Reynolds [this message]
2021-10-13 20:51 ` SPAKE, DTLS and passwords + aPAKE and SCRAM Vernon Mauery
2021-10-13 20:51 ` SPAKE, DTLS and passwords Vernon Mauery
2021-10-04 21:49 ` Security Working Group meeting - Wednesday September 29 Michael Richardson
2021-10-04 22:08 ` Bruce Mitchell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a9a07a2a-c093-affa-9d90-bb04d82b9b05@linux.ibm.com \
--to=jrey@linux.ibm.com \
--cc=mcr@sandelman.ca \
--cc=openbmc@lists.ozlabs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).