Hi Dan,

Could you describe the technical differences between the approach in draft-harkins-emu-eap-pwd-00.txt and existing approaches of SRP, SPEKE and EKE?

Thanks,

Joe

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Dan Harkins
> Sent: Sunday, March 02, 2008 11:07 PM
> To: SeongHan Shin
> Cc: 'Kazukuni Kobara'; [email protected]
> Subject: Re: [Emu] Agenda Take 2
>
>
>   Hi Shin,
>
>   I'll put this on the list for cleanup in the -02 version.
> In section 2.6.3.2 it describes constructing the password
> element for a prime modulus group. It says:
>
>       pwd-value = KDF(pwd-seed, "EAP-pwd Affixing the PWE", len(p))
>
>       PWE = pwd-value mod p
>
> this should be:
>
>       pwd-value = pwd-value mod p
>
> We want to ensure the value stretched to the length of the
> prime is numerically less than the prime. Section 2.6.3.2
> goes on to say:
>
>       The PWE is then computed by exponentiating the pwd-value
>       to the value ((p-1)/r) modulus the prime.
>
>       PWD = pwd-value ^ ((p-1)/r) mod p
>
> I'm not sure where PWD came from :-). The convention is
> capitals for elliptic curve groups to distinguish between
> elements and scalars. There is no such convention for prime
> modulus groups so it should be:
>
>       The pwe is then computed by exponentiating the pwd-value
>       to the value ((p-1)/r) modulus the prime.
>
>       pwe = pwd-value ^ ((p-1)/r) mod p
>
> And then that "pwe" is used in 2.6.4.2. The idea is we take a
> pwe-seed derived from the secret and identities and stretch
> that using the KDF into a pwd-value which we reduce modulo
> the prime. The pwd-value is then used to construct the
> password element, pwe, by exponentiating as described above--
> pwd-value ^ ((p-1)/r) mod p. I obviously messed up the
> description of that.
>
>   As I said, I'll clean this up in the next version. If you
> do find any security issues with this draft please let me
> know. And also if there are other typographical errors or
> similar issues you come across please tell me so I can clean them up.
>
>   regards,
>
>   Dan.
>
> On Sun, March 2, 2008 10:27 pm, SeongHan Shin wrote:
> > Dear Dan Harkins,
> >
> > Sorry, I didn't know that the ID is updated.
> > Anyway, I'll go through the new ID.
> >
> > By the way, is "pwe" in section 2.6.4.2 the same as "PWE"?
> >
> > Best regards,
> > Shin
> >
> > -----Original Message-----
> > From: Dan Harkins [mailto:[EMAIL PROTECTED]
> > Sent: Monday, March 03, 2008 2:17 PM
> > To: SeongHan Shin
> > Cc: [email protected]; 'Kazukuni Kobara'
> > Subject: Re: [Emu] Agenda Take 2
> >
> >
> >   Hi Shin,
> >
> >   That draft has been updated. Please see the -01 version. That is the
> > one that will be presented in Philly and is, I believe, resistant to
> > off-line dictionary attack. If you know of an attack against it I
> > would be extremely interested in hearing about it.
> >
> >   regards,
> >
> >   Dan.
> >
> > On Sun, March 2, 2008 7:16 pm, SeongHan Shin wrote:
> >> Dear all,
> >>
> >> This is Shin.
> >> I read the below ID (Password only Mechanism)
> >> http://tools.ietf.org/id/draft-harkins-emu-eap-pwd-00.txt
> >> to be presented at IETF 71.
> >>
> >> The idea of the protocol seems interesting.
> >> However, I found that the protocol is susceptible to off-line
> >> dictionary attack.
> >> If someone is interested, I'll show how the attack works.
> >> (you may already know that.)
> >>
> >> Best regards,
> >> Shin
> >>
> >>
> >> -----Original Message-----
> >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> >> Joseph Salowey (jsalowey)
> >> Sent: Thursday, February 28, 2008 8:04 AM
> >> To: [email protected]
> >> Subject: [Emu] Agenda Take 2
> >>
> >> EMU Agenda
> >> IETF 71
> >> THURSDAY, March 13, 2008
> >> 0900-1130 Morning Session I
> >> ---------------------------------------------
> >> + Administrivia (5 min)
> >>   - agenda, blue sheets, note takers
> >>
> >> + Document Status (5 min)
> >>   - EAP-TLS - draft-simon-emu-rfc2716bis-13.txt
> >>   - EAP-GPSK - draft-ietf-emu-eap-gpsk-08.txt
> >>
> >> + Charter Revision Status (70 min)
> >>   - General text (10 min)
> >>   - Tunnel Method (20 min)
> >>   - Secure Password Only Method (20 min)
> >>   - Channel Bindings (20 min)
> >>
> >> + Tunnel Method Requirements (30 min)
> >>   - draft-salowey-emu-eaptunnel-req-00.txt
> >>
> >> + Channel Bindings (20 min)
> >>   - draft-clancy-emu-chbind-00.txt
> >>   - draft-clancy-emu-aaapay-00.txt
> >>
> >> + Password only Mechanism (20 min)
> >>   - draft-harkins-emu-eap-pwd-00.txt
> >> _______________________________________________
> >> Emu mailing list
> >> [email protected]
> >> https://www.ietf.org/mailman/listinfo/emu
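
The password-element construction for a prime modulus group, as corrected in the quoted message above, written out as an added example that is not part of the thread or of the draft. Assumptions: the toy group (p = 607, r = 101), the HMAC-SHA256 counter-mode KDF, the way pwd-seed is built from the secret and identities, and the rejection of 0 and 1 as password elements are all chosen here for illustration.

```python
import hashlib
import hmac

# Constructed toy group (not from the draft): p prime, r prime, r divides p-1.
P = 607   # 607 = 6 * 101 + 1
R = 101   # order of the subgroup the password element must land in

LABEL = b"EAP-pwd Affixing the PWE"   # label string quoted in the thread


def kdf(key: bytes, label: bytes, nbytes: int) -> bytes:
    """Assumed KDF: HMAC-SHA256 in counter mode (the thread does not define KDF)."""
    out, counter = b"", 1
    while len(out) < nbytes:
        block = counter.to_bytes(2, "big") + label
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:nbytes]


def in_subgroup(x: int, p: int = P, r: int = R) -> bool:
    """True if x is a non-identity element of the order-r subgroup mod p."""
    return 1 < x < p and pow(x, r, p) == 1


def derive_pwe(password: bytes, peer_id: bytes, server_id: bytes,
               p: int = P, r: int = R):
    """Return (pwd_value, pwe); pwe is None when the result is 0 or 1."""
    # Assumed seed derivation from the secret and the two identities.
    seed_input = peer_id + b"|" + server_id + b"|" + password
    pwd_seed = hashlib.sha256(seed_input).digest()
    # Stretch to the length of the prime, then reduce so the value is < p:
    #   pwd-value = pwd-value mod p
    nbytes = (p.bit_length() + 7) // 8
    pwd_value = int.from_bytes(kdf(pwd_seed, LABEL, nbytes), "big") % p
    #   pwe = pwd-value ^ ((p-1)/r) mod p
    pwe = pow(pwd_value, (p - 1) // r, p)
    # Added check (not in the thread): 0 and 1 generate nothing useful.
    return pwd_value, (pwe if in_subgroup(pwe, p, r) else None)


if __name__ == "__main__":
    # Constructed sample inputs.
    value, pwe = derive_pwe(b"correct horse", b"peer@example", b"server@example")
    print("pwd-value =", value, "pwe =", pwe)
```

Raising to (p-1)/r forces every non-zero pwd-value into the order-r subgroup, which is why in_subgroup() can only fail here on the degenerate results 0 and 1.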
