Hi,
On 6/19/15 13:03, Bingzheng Wu wrote:
I am wrong again. Adding master-secret is useless.
Now I think that asymmetric crypto must be used to prevent offline directory
attack, which is the way PAKE works as.
I'm probably wrong since I only thought about it for a few minutes, but
it seems to me that the PasswordVerify message would be encrypted with
(keys derived from) the handshake master secret, which would prevent
offline attacks.
What am I missing?
Sorry for disturbing.
Probably sorry too :)
Manuel.
------------------------------------------------------------------
From:武炳正(允中) <bingzheng....@alibaba-inc.com>
Time:2015 Jun 19 (Fri) 16:19
To:武炳正(允中) <bingzheng....@alibaba-inc.com>, tls <tls@ietf.org>
Subject:RE: [TLS] is it good using password for authentication only?
Maybe I realize the problem. The PasswordVerify message is susceptible to
offline dictionary attacks.
Dose it become resistant to the attack if we add some secret generated from
master-secret into the HASH?
PasswordVerify = HASH(username, passward, handshake_message_hash,
master-secret, label)
This becomes involved with key-exchange, but it is not involved with any
specific key-exchange method.
It just need the key-exchange result.
Bingzheng
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
