SPAKE, DTLS and passwords + aPAKE and SCRAM

Joseph Reynolds jrey at linux.ibm.com
Wed Oct 6 02:24:59 AEDT 2021 

On 10/4/21 4:47 PM, Michael Richardson wrote:
> Joseph Reynolds <jrey at linux.ibm.com> wrote:
>      > The planned IPMI over DLTS function will have certificate-based
>      > authuentication.
>
> Do you mean that the server will be authenticated with a certificate, or that
> it will use mutual authentication?
>
>      > For our use cases, we would like to add password-based
>      > authentication, and we want to do so as securely as possible, meaning what
>      > protocol we should use.  In particular, we want to know if we should avoid
>      > sending a “cleartext” password (tunneled over DTLS) to the server.
>
> If it can be avoided, yes.
>
> https://www.rfc-editor.org/rfc/rfc8125.html#section-3.1 suggests that all
> the PAKE candidates (whether balanced or augmented) satisfy this.
> I strongly suggest that a PAKE be used.
> The CHIP/MATTER IoT people are using
>     https://datatracker.ietf.org/doc/draft-bar-cfrg-spake2plus/
> although the IRTF CFRG hasn't adopted that document yet.  I don't know
> exactly where they are with it.  But, I expect you will find many libraries
> going forward.
>
Michael, thanks for your reply.  I got feedback from my people (but my 
skillset is too weak to interpret it):

Weakness of SRP (Secure Remote Password):
  - Server spoofing, there is nothing that prevents a server from being 
spoofed.
  - Widely adopted with very little proof of being cryptographically 
secure and has been shown vulnerable to pre-computation attacks

  - No feasible way to check for password complexity in the protocol 
(true for most aPAKE - asymmetric Password Authenticated Key Exchange)
  - Some debate over if actually provides forward secrecy.

Recommendation to look at at OPAQUE aPAKE: 
https://blog.cloudflare.com/opaque-oblivious-passwords/

Suggestion to use SCRAM 
https://en.wikipedia.org/wiki/Salted_Challenge_Response_Authentication_Mechanism

-Joseph

...snip...

>
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
> ]     mcr at sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
>
>
>
>

More information about the openbmc mailing list