Re: [TLS] Elliptic Curve J-PAKE

2019-04-15 Thread Watson Ladd
on't know of a JPAKE proof that doesn't rely on Shamir-Fiat > > >heuristic, which implies common random string. Your proof is in the > > >ROM no? Also I do not see how one recovers the password from past > > >sessions or recovers the negotiated key in this case:

Re: [TLS] Elliptic Curve J-PAKE

2019-04-15 Thread Hao, Feng
gt;ROM no? Also I do not see how one recovers the password from past > >sessions or recovers the negotiated key in this case: certainly an > >active attack is possible knowing a relation! > > > >> > >> > >> Regards, > >> > >&

Re: [TLS] Elliptic Curve J-PAKE

2019-04-14 Thread Watson Ladd
y on Shamir-Fiat > >heuristic, which implies common random string. Your proof is in the > >ROM no? Also I do not see how one recovers the password from past > >sessions or recovers the negotiated key in this case: certainly an > >active attack is possible knowing a relation! > > >

Re: [TLS] Elliptic Curve J-PAKE

2019-03-27 Thread Feng Hao
n! > >> >> >> Regards, >> >> Feng >> >> >> >> From: TLS on behalf of Hugo Krawczyk >> >> Date: Wednesday, 27 March 2019 at 02:49 >> To: Hannes Tschofenig >> Cc: "tls@ietf.org" >> Subject: Re: [TLS] Ell

Re: [TLS] Elliptic Curve J-PAKE

2019-03-27 Thread Watson Ladd
sions or recovers the negotiated key in this case: certainly an active attack is possible knowing a relation! > > > Regards, > > Feng > > > > From: TLS on behalf of Hugo Krawczyk > > Date: Wednesday, 27 March 2019 at 02:49 > To: Hannes Tschofenig > Cc: &qu

Re: [TLS] Elliptic Curve J-PAKE

2019-03-27 Thread Feng Hao
9 To: Hannes Tschofenig mailto:hannes.tschofe...@arm.com>> Cc: "tls@ietf.org<mailto:tls@ietf.org>" mailto:tls@ietf.org>> Subject: Re: [TLS] Elliptic Curve J-PAKE Hi Hannes, J-PAKE is a symmetric PAKE. Both parties store the same password. It is not suitable for most client-s

Re: [TLS] Elliptic Curve J-PAKE

2019-03-27 Thread Hannes Tschofenig
didn’t want to have the user interaction needed by passwords. From: Hugo Krawczyk Sent: Mittwoch, 27. März 2019 03:48 To: Hannes Tschofenig Cc: tls@ietf.org Subject: Re: [TLS] Elliptic Curve J-PAKE Hi Hannes, J-PAKE is a symmetric PAKE. Both parties store the same password. It is not suitable

Re: [TLS] Elliptic Curve J-PAKE

2019-03-26 Thread Hugo Krawczyk
Hi Hannes, J-PAKE is a symmetric PAKE. Both parties store the same password. It is not suitable for most client-server scenarios where using J-PAKE would mean that an attacker that breaks into the server simply steals all plaintext passwords. OPAQUE is an asymmetric (or augmented) PAKE where user