Yoav,

> IKE already has PSK-based authentication. If my "password" is
> 9975612f178b31164bef5bb672cbeb1db6437d6459ff1d8a17f12ec73fcd5c92, then
> I don't need any new-fangled mode, because the authentication described
> in section 2.15 of RFC 4306 is good enough.

If that "password" was generated from a known hash of a low entropy
password with no additional entropy input (this is discussed as a
possibility in Section 2.15 of 4306), that "password" is weak, and
changing the hash to double the length of the output won't strengthen
the result.

> The new mode we're looking for is for giving a little security for
> people who use the password "yoav71", thinking that nobody would ever
> guess it.

And I'm suggesting that it may also be usefully applicable to
SHA-1("yoav71") with default padding.

I completely agree that "yoav71" is typical of the most important use
case.  I'm trying to point out that it may not be the only relevant use
case.

Thanks,
--David

> -----Original Message-----
> From: Yoav Nir [mailto:[email protected]]
> Sent: Monday, March 22, 2010 3:36 PM
> To: Black, David
> Cc: [email protected]
> Subject: Re: [IPsec] Password-Based Auth: Two criteria comments
> 
> 
> On Mar 22, 2010, at 11:18 AM, <[email protected]>
> <[email protected]> wrote:
> 
> > Summarizing what I said in the meeting:
> >
> > (1) The performance criteria should include performance with large
> > complex secrets (e.g., pre-shared keys), not just the smaller passwords
> > that people can reasonably be expected to remember.
> >
> > This is because a password-based authentication mechanism may be
> > usefully applied to shared secret authentication implementations that
> > derive a supposedly strong secret solely from a password (see the
> > discussion of pre-shared key authentication in Section 2.15 of RFC
> > 4306).  Password-based authentication would provide some defense
> > against this and other key generation weaknesses.  The original
> > password that was used to generate the shared secret may no longer be
> > available, so good performance on large complex secrets would enable
> > password based authentication to use the derived (supposedly strong)
> > secret as the password.
> 
> IKE already has PSK-based authentication. If my "password" is
> 9975612f178b31164bef5bb672cbeb1db6437d6459ff1d8a17f12ec73fcd5c92, then
> I don't need any new-fangled mode, because the authentication described
> in section 2.15 of RFC 4306 is good enough.
> 
> The new mode we're looking for is for giving a little security for
> people who use the password "yoav71", thinking that nobody would ever
> guess it.
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
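The point David makes above, that a PSK produced by hashing a low-entropy password with no added entropy is no stronger than the password and that a wider digest does not help, is illustrated by the following added example. It is editorial example code, not code from either participant or from any IKE implementation; the function names, the character-class entropy estimate and the sample password are assumptions made for the illustration.

```python
import hashlib
import math
import secrets

# Constructed sample value for the illustration (taken from the thread's
# example of a guessable password); not a real credential.
WEAK_PASSWORD = "yoav71"


def derive_psk_from_password(password: str, hash_name: str = "sha1") -> str:
    """The weak derivation the thread describes: an unsalted hash of the
    password with no additional entropy input. The hex output looks like a
    random key but is a deterministic function of the password."""
    return hashlib.new(hash_name, password.encode("utf-8")).hexdigest()


def generate_random_psk(nbytes: int = 32) -> str:
    """The sound alternative: draw the PSK from the OS CSPRNG, so its
    entropy equals its length (32 bytes -> 256 bits)."""
    return secrets.token_hex(nbytes)


def password_entropy_bits(password: str) -> float:
    """Optimistic upper bound on a password's guessing entropy:
    log2(alphabet_size ** length), where the alphabet is the union of the
    character classes actually present. Real guessing entropy is lower
    because human-chosen passwords are far from uniform."""
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(not c.isalnum() for c in password):
        alphabet += 33  # printable ASCII punctuation, roughly
    if alphabet == 0:
        return 0.0
    return len(password) * math.log2(alphabet)


def effective_psk_entropy_bits(source_bits: float, hash_name: str) -> float:
    """Hashing cannot add entropy: the derived PSK has at most
    min(input entropy, digest width) bits. Doubling the digest width moves
    only the second term, which is never the binding one for a weak
    password."""
    digest_bits = hashlib.new(hash_name).digest_size * 8
    return min(source_bits, digest_bits)


def compare_derivations(password: str) -> dict:
    """Return the effective entropy of a PSK derived from `password` with
    SHA-1 and with SHA-256, next to a CSPRNG-generated 32-byte PSK."""
    pw_bits = password_entropy_bits(password)
    return {
        "sha1_derived_bits": effective_psk_entropy_bits(pw_bits, "sha1"),
        "sha256_derived_bits": effective_psk_entropy_bits(pw_bits, "sha256"),
        "random_32_byte_bits": effective_psk_entropy_bits(256.0, "sha256"),
    }


if __name__ == "__main__":
    for name, bits in compare_derivations(WEAK_PASSWORD).items():
        print(f"{name}: {bits:.1f} bits")
    print("weak PSK (sha1):", derive_psk_from_password(WEAK_PASSWORD, "sha1"))
    print("random PSK    :", generate_random_psk())
```

Running it shows the SHA-1 and SHA-256 derivations of "yoav71" with the same effective entropy (about 31 bits under the generous uniform-alphabet bound), while the CSPRNG-generated PSK carries the full 256 bits. The practical check for an operator is therefore how the configured PSK was produced, not how long its hex string is.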
