SPAKE, DTLS and passwords + aPAKE and SCRAM
Vernon Mauery
vernon.mauery at linux.intel.com
Thu Oct 14 07:51:18 AEDT 2021
On 05-Oct-2021 10:24 AM, Joseph Reynolds wrote:
>On 10/4/21 4:47 PM, Michael Richardson wrote:
>>Joseph Reynolds <jrey at linux.ibm.com> wrote:
>> > The planned IPMI over DLTS function will have certificate-based
>> > authuentication.
>>
>>Do you mean that the server will be authenticated with a certificate, or that
>>it will use mutual authentication?
>>
>> > For our use cases, we would like to add password-based
>> > authentication, and we want to do so as securely as possible, meaning what
>> > protocol we should use. In particular, we want to know if we should avoid
>> > sending a “cleartext” password (tunneled over DTLS) to the server.
>>
>>If it can be avoided, yes.
>>
>>https://www.rfc-editor.org/rfc/rfc8125.html#section-3.1 suggests that all
>>the PAKE candidates (whether balanced or augmented) satisfy this.
>>I strongly suggest that a PAKE be used.
>>The CHIP/MATTER IoT people are using
>> https://datatracker.ietf.org/doc/draft-bar-cfrg-spake2plus/
>>although the IRTF CFRG hasn't adopted that document yet. I don't know
>>exactly where they are with it. But, I expect you will find many libraries
>>going forward.
>>
>Michael, thanks for your reply. I got feedback from my people (but my
>skillset is too weak to interpret it):
>
>Weakness of SRP (Secure Remote Password):
> - Server spoofing, there is nothing that prevents a server from being
>spoofed.
> - Widely adopted with very little proof of being cryptographically
>secure and has been shown vulnerable to pre-computation attacks
> - No feasible way to check for password complexity in the protocol
>(true for most aPAKE - asymmetric Password Authenticated Key Exchange)
> - Some debate over if actually provides forward secrecy.
>
>Recommendation to look at at OPAQUE aPAKE:
>https://blog.cloudflare.com/opaque-oblivious-passwords/
>
>Suggestion to use SCRAM https://en.wikipedia.org/wiki/Salted_Challenge_Response_Authentication_Mechanism
I will add SCRAM and PAKE to my list of things to investigate.
--Vernon
More information about the openbmc
mailing list