On Mon, Mar 24, 2014 at 3:42 AM, Feng Hao <[email protected]> wrote:
>
> I thought you were referring to the Dragonfly spec in IETF:
> http://tools.ietf.org/html/draft-irtf-cfrg-dragonfly-03
>
> The main concern is the hashing-password-to-curve function, which is called
> "Hunting and Pecking with ECC Groups". There is a similar function in SPEKE
> as defined in ISO/IEC 11770-4 called Integer-to-Point or I2P function. The
> two share the same problems.
>
> For the Dragonfly case, the function is looped for k times.

That's just the IETF draft, it's not in 802.11s.

>> What I don't know is how much deployment this is seeing?
>
> It will be great to see some examples of the deployment code. That can
> clarify.

Linux and FreeBSD include 802.11s, but you have to run a separate tool for
authentication:

https://github.com/cozybit/authsae

It doesn't do any of the "40 loops" stuff, it just stops once it finds a
curve point (sae.c:assign_group_to_peer()). (Though ~line 1034, is it
failing after the 16th trial? Is that right?)

https://github.com/cozybit/authsae/blob/master/sae.c

>> OK, so this is basically the OTR / Socialist Millionaire's case:
>
>> http://www.cypherpunks.ca/~iang/pubs/impauth.pdf
>
>> I don't know whether that's been a good user experience or not, perhaps
>> that's a question for the "messaging" list...
>
> It's not a good user experience

Are you sure? I think some people like it. I'll bring it up on the "messaging"
list when I have time (or feel free to beat me to it!).

Trevor
_______________________________________________
Curves mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/curves
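The difference discussed in the thread, the draft's fixed-k hunting-and-pecking loop versus an implementation that stops at the first curve point, as an added example over a constructed toy curve. This is neither the draft's exact derivation nor authsae's code; the curve parameters and the hash-to-x step are assumptions, and the point of interest is that the round count of the early-exit variant depends on the password.

```python
import hashlib

# Constructed toy curve y^2 = x^3 + A*x + B (mod P), with P % 4 == 3 so that
# square roots are cheap. Not a real curve; parameters are assumptions.
P, A, B = 10007, 3, 7
K = 40  # fixed iteration count, the "40 loops" of the draft

def rhs(x):
    """Right-hand side x^3 + A*x + B (mod P)."""
    return (pow(x, 3, P) + A * x + B) % P

def is_quadratic_residue(v):
    """Euler's criterion; v == 0 is treated as a miss for simplicity."""
    return pow(v, (P - 1) // 2, P) == 1

def candidate_x(password, counter):
    """Simplified seed -> x: hash(password || counter) reduced mod P (assumed)."""
    seed = hashlib.sha256(password + bytes([counter])).digest()
    return int.from_bytes(seed, "big") % P

def on_curve(point):
    x, y = point
    return (y * y) % P == rhs(x)

def hunt_and_peck_fixed(password):
    """Draft style: always run all K rounds, remember the first hit.
    Returns (point, rounds_executed); rounds_executed is always K."""
    found = None
    for counter in range(1, K + 1):
        x = candidate_x(password, counter)
        if found is None and is_quadratic_residue(rhs(x)):
            found = x  # keep looping: no early exit
    if found is None:
        return None, K
    y = pow(rhs(found), (P + 1) // 4, P)  # sqrt, valid because P % 4 == 3
    return (found, y), K

def hunt_and_peck_early_exit(password):
    """Early-exit style as described for authsae: stop at the first point.
    The round count now varies with the password (a timing signal)."""
    for counter in range(1, K + 1):
        x = candidate_x(password, counter)
        if is_quadratic_residue(rhs(x)):
            y = pow(rhs(x), (P + 1) // 4, P)
            return (x, y), counter
    return None, K

def early_exit_round_counts(passwords):
    """Rounds the early-exit variant executed for each password."""
    return [hunt_and_peck_early_exit(pw)[1] for pw in passwords]
```

Both variants land on the same point; only the amount of work done before returning differs. The draft's real derivation roughly runs a KDF over the seed and rejects candidates that are not below p rather than reducing mod p, which the toy shortcut here skips.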
