lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 1 Apr 2014 14:26:37 -0700
From: Christopher Taylor <mrcatid@...il.com>
To: discussions@...sword-hashing.net
Subject: Re: [PHC] Re: [SPAM] [PHC] New password authentication protocol:
 Tabby PAKE

Jeremy,

I appreciate your quick feedback.  I'll go back and improve the document
further to address these issues.

The Tabby PAKE scheme is out of context for PHC, so it is not part of the
competition.  This was good motivation to do the writeup, though!

Best of luck to everyone =)
-Chris


On Mon, Mar 31, 2014 at 9:08 AM, Jeremy Spilman <jeremy@...link.co> wrote:

> Hi Chris,
>
> I really enjoyed a read through of your paper.  I found it very easy to
> follow, and I'm looking forward to digging into the math, particular your
> use of Snowshoe Elligator.
>
> One pet peeve of mine, which SRP does the exact same thing even in the
> RFC, but still...
>
> From 2.3:
>
>    1.
>
>    Off-line dictionary attack resistance: Passive and active attackers
>    must not gain any knowledge that enables them to mount an exhaustive
>    search for the password by interacting with the protocol.
>
>
>
>
> The last 3 words indicate you mean offline attack from inspecting protocol
> messages. Can you please clarify this and in the same section please
> explain the properties of an offline attack against the validator database?
>
> 3.3.4 discusses offline dictionary attack where the validator database is
> known. But then 3.4.1 goes back to discuss dictionary attack resistance
> only in terms of protocol messages.
>
> I don't want to minimize any advantages, but I think going to extra
> lengths to differentiate these two attack modes does a great service to the
> average user of the scheme.
>
> Thanks for developing all this and sharing with us!
>
>

Content of type "text/html" skipped

Powered by blists - more mailing lists