Re: SCRAM minimum PBKDF#2 iteration count
Alexey Melnikov <alexey.melnikov@xxxxxxxxx> writes:
> Tony Finch wrote:
>
>> On Tue, 10 Mar 2009, Alexey Melnikov wrote:
>>
>>> Besides, the iteration count can be stored together with user's secret,
>>> so it is really controlled by the server end.
>>
>> However note that a very large proportion of users use multiple clients of
>> varying capability, so per-user isn't fine grained enough.
>
> Tony, I don't think doing anything more granular (i.e. per-client)
> would work.
>
> We want to allow servers to store hashed passwords. This means that
> the server end dictates the minimum iteration count.
> We want to allow servers to store hashed passwords. This means that
> the server end dictates the minimum iteration count.
I don't think we can assume all servers will store hashed passwords.
There are many deployments where passwords are stored in separate
databases. I would be surprised if all implementations support stored
hashed passwords.
This means that we will see servers that use a random salt in SCRAM on
every connection.
If we don't want this, the protocol needs to require that servers store
hashed passwords and explain the problem that happens otherwise. I'm
not sure it is practical to make this a MUST. Or is there already text
in SCRAM to address this?
/Simon
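Added illustration of the derivation this thread is arguing about, written for this page and not taken from the thread or from the SCRAM drafts: the server keeps (salt, i, StoredKey, ServerKey) in place of the password, so salt and iteration count are chosen by the server end, and a server that only has the plaintext (an external password database) must pick a fresh salt per connection. Hash is SHA-1 and the sample password, salt and AuthMessage are constructed values.

```python
import hashlib
import hmac
import os

# Added illustration of SCRAM-SHA-1 key derivation (RFC 5802 notation).
# Hi(str, salt, i) is PBKDF2-HMAC-SHA-1 with a single-block output.

def salted_password(password: bytes, salt: bytes, iterations: int) -> bytes:
    """SaltedPassword := Hi(Normalize(password), salt, i)."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations)

def stored_verifier(password: bytes, salt: bytes, iterations: int) -> dict:
    """What a server keeps instead of the plaintext: salt, i, StoredKey, ServerKey.
    The server end chooses salt and i here, which is the thread's point."""
    sp = salted_password(password, salt, iterations)
    client_key = hmac.new(sp, b"Client Key", hashlib.sha1).digest()
    return {
        "salt": salt,
        "iterations": iterations,
        "stored_key": hashlib.sha1(client_key).digest(),  # StoredKey := H(ClientKey)
        "server_key": hmac.new(sp, b"Server Key", hashlib.sha1).digest(),
    }

def per_connection_verifier(password: bytes, iterations: int) -> dict:
    """A server holding only the plaintext (e.g. a separate password database)
    has no persisted salt, so it derives a verifier with a fresh random salt
    on every connection: the situation Simon predicts above."""
    return stored_verifier(password, os.urandom(16), iterations)

def client_proof(password: bytes, salt: bytes, iterations: int, auth_message: bytes) -> bytes:
    """Client side: ClientProof := ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    sp = salted_password(password, salt, iterations)
    client_key = hmac.new(sp, b"Client Key", hashlib.sha1).digest()
    stored_key = hashlib.sha1(client_key).digest()
    client_signature = hmac.new(stored_key, auth_message, hashlib.sha1).digest()
    return bytes(a ^ b for a, b in zip(client_key, client_signature))

def verify_client_proof(verifier: dict, auth_message: bytes, proof: bytes) -> bool:
    """Server side: recover ClientKey from the proof and compare H(ClientKey)
    with StoredKey; the plaintext password is not needed for this check."""
    client_signature = hmac.new(verifier["stored_key"], auth_message, hashlib.sha1).digest()
    client_key = bytes(a ^ b for a, b in zip(proof, client_signature))
    return hmac.compare_digest(hashlib.sha1(client_key).digest(), verifier["stored_key"])

if __name__ == "__main__":
    # Constructed sample values, not taken from any real exchange.
    auth_message = b"n=user,r=cnonce,r=cnoncesnonce,s=c2FsdA==,i=4096,c=biws,r=cnoncesnonce"
    v = stored_verifier(b"pencil", b"constructed-salt", 4096)
    print(verify_client_proof(v, auth_message, client_proof(b"pencil", v["salt"], v["iterations"], auth_message)))
```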