Re: [TLS] JPAKE
On Tue, Feb 16, 2016 at 10:45 PM, Dan Harkinswrote: > What?!? How is that "better"? Having a "keychain" that loops in some > vague "secure enclave" that makes authorization decisions based on some > app deriving a "strong master secret from a weak password/pin" sounds > complicated Microsoft: https://technet.microsoft.com/en-us/library/mt621546(v=vs.85).aspx Matt Green: https://twitter.com/matthew_d_green/status/699777680728842240 Apple: https://www.apple.com/business/docs/iOS_Security_Guide.pdf (see also: Matt Green) Hardware interlocks around authentication allow various anti-brute force, exponential backoff, and device wiping security measures. They also allow you to unlock a "full entropy" cryptographic key with some low entropy mechanism like a PIN without the former being deterministically derived from the latter. I personally believe the future of authentication is having a weak credential which unlocks a strong credential on something you have. This approach to authentication is generally described as "something you have and something you know" -- Tony Arcieri ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
Re: [TLS] JPAKE
On Mon, Feb 15, 2016 at 4:33 PM, Robert Cragiewrote: > In Thread, it is used for local device authentication and authorisation. > These use cases clearly benefit from a PAKE, i.e. getting deriving a shared > cryptographic from a weaker shared password. > The better way to solve this problem is a device-specific "keychain", which possibly loops in some sort of secure enclave for decrypting secrets, and can authorize secret decryption based on the requesting app, derive a strong master secret from a weak password/pin (possibly using a PUF for anti-tamper). This is becoming a standard feature of the OSes on most devices humans actually physically interact with, e.g. most smartphones, tablets, and any OS you'd find on a laptop. If you have this sort of keychain system, you can provision secrets on-the-fly, e.g. origin-bound certificates. Now you don't need PAKE. ___ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls