Re: [TLS] shared secrets from passwords
* Yoav Nir:

> The idea is that this shared secret has the properties that (a) it
> can't be used for anything other than IKEv2 so storing it is
> presumably OK (why?), and (b) it looks random. The RFC goes on to
> state this:
>
>                                As noted above, deriving the shared
>   secret from a password is not secure.  This construction is used
>   because it is anticipated that people will do it anyway.

[RFC 4306]

In retrospect, this is a bit off--it's insecure in what context?

The trouble with passwords is that you should have one for each
client/server pair.  Apart from the widespread deployment of more or
less interoperable implementations, this is the main reason why we
decided to use asymmetric cryptography with TLS (self-signed X.509
certificates, to be precise).

-- 
Florian Weimer                <fweimer@xxxxxx>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99
_______________________________________________
TLS mailing list
TLS@xxxxxxxx
http://www.ietf.org/mailman/listinfo/tls