Crypto Forum Research Group ()

Dan Harkins | 10 Feb 2008 08:21

I-D for password-authenticated EAP method


  Hello,

  There's a new draft in the Internet-Drafts database called
draft-harkins-emu-eap-pwd-00.txt. It describes a new EAP method
for authentication using only a password. I believe that it
provides resistance to active attack, passive attack, and
dictionary attack. It also provides forward secrecy and an
authenticated key (not just a shared key between authenticated
entities).

  I would greatly appreciate it if anyone on this list could take
a look at the exchange-- esp. sections 2.6.2 and 2.6.3, with the
notation from section 2.1-- and whether the analysis in section 6
is correct.

  regards,

  Dan.

headers

Scott Fluhrer | 17 Feb 2008 21:51

Re: I-D for password-authenticated EAP method

I believe I have found a security problem.  See below for details (and one
way you could modify the method defined by the draft to invalidate this
observation).  Oh, and I wouldn't mind someone reviewing the attack to make
sure I hadn't make a fundamental mistake.

> -----Original Message-----
> From: cfrg-bounces <at> ietf.org [mailto:cfrg-bounces <at> ietf.org] On 
> Behalf Of Dan Harkins
> Sent: Sunday, February 10, 2008 2:22 AM
> To: cfrg <at> ietf.org
> Subject: [Cfrg] I-D for password-authenticated EAP method
> 
> 
>   Hello,
> 
>   There's a new draft in the Internet-Drafts database called 
> draft-harkins-emu-eap-pwd-00.txt. It describes a new EAP 
> method for authentication using only a password. I believe 
> that it provides resistance to active attack, passive attack, 
> and dictionary attack. It also provides forward secrecy and 
> an authenticated key (not just a shared key between 
> authenticated entities).
> 
>   I would greatly appreciate it if anyone on this list could 
> take a look at the exchange-- esp. sections 2.6.2 and 2.6.3, 
> with the notation from section 2.1-- and whether the analysis 
> in section 6 is correct.

It turns out that there is a problem, in that it doesn't meet the security
goal in section 1.3.3.  That is, an attacker who doesn't know the key is

(Continue reading)

headers

Dan Harkins | 19 Feb 2008 08:22

Re: I-D for password-authenticated EAP method


  Hi Scott,

  You have, indeed, found a security problem! I appreciate the time spend
analyzing this protocol. Let me look a bit more at the problem you found,
and your suggested fix. Thanks.

  regards,

  Dan.

On Sun, February 17, 2008 12:51 pm, Scott Fluhrer wrote:
> I believe I have found a security problem.  See below for details (and one
> way you could modify the method defined by the draft to invalidate this
> observation).  Oh, and I wouldn't mind someone reviewing the attack to
> make
> sure I hadn't make a fundamental mistake.
>
>> -----Original Message-----
>> From: cfrg-bounces <at> ietf.org [mailto:cfrg-bounces <at> ietf.org] On
>> Behalf Of Dan Harkins
>> Sent: Sunday, February 10, 2008 2:22 AM
>> To: cfrg <at> ietf.org
>> Subject: [Cfrg] I-D for password-authenticated EAP method
>>
>>
>>   Hello,
>>
>>   There's a new draft in the Internet-Drafts database called
>> draft-harkins-emu-eap-pwd-00.txt. It describes a new EAP

(Continue reading)

headers

Paul Hoffman | 20 Feb 2008 21:58

Fwd: I-D ACTION:draft-lochter-pkix-brainpool-ecc-01.txt

Having some CFRG input on this would be useful to many WGs...

>A New Internet-Draft is available from the on-line Internet-Drafts
>directories.
>
>
>	Title		: ECC Brainpool Standard Curves and Curve Generation
>	Author(s)	: M. Lochter, J. Merkle
>	Filename	: draft-lochter-pkix-brainpool-ecc-01.txt
>	Pages		: 20
>	Date		: 2008-2-20
>
>This Memo proposes several elliptic curve domain parameters over
>    finite prime fields for use in cryptographic applications.  The
>    domain parameters are consistent with the relevant international 
>standards, and can be used in X.509 certificates and certificate
>    revocation lists (CRLs), for Internet Key Exchange (IKE), Transport
>    Layer Security (TLS), XML signatures, and all applications or
>    protocols based on the cryptographic message syntax (CMS).
>
>A URL for this Internet-Draft is:
>http://www.ietf.org/internet-drafts/draft-lochter-pkix-brainpool-ecc-01.txt

--Paul Hoffman, Director
--VPN Consortium

Mon	Tue	Wed	Thu	Fri	Sat	Sun

				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29

2	May 2013
58	April 2013
42	March 2013
36	February 2013
8	January 2013
16	December 2012
20	November 2012
12	October 2012
20	September 2012
15	August 2012
15	July 2012
36	June 2012
26	May 2012
4	April 2012
6	March 2012
23	February 2012
14	January 2012
3	December 2011
17	November 2011
3	October 2011
8	August 2011
34	July 2011
34	June 2011
23	April 2011
3	February 2011
2	January 2011
4	November 2010
12	October 2010
11	August 2010
7	July 2010
91	June 2010
18	May 2010
16	April 2010
21	March 2010
3	February 2010
3	January 2010
15	December 2009
2	November 2009
37	October 2009
2	September 2009
6	August 2009
8	July 2009
6	June 2009
2	May 2009
19	April 2009
8	March 2009
6	February 2009
114	January 2009
76	December 2008
10	November 2008
1	October 2008
1	September 2008
2	August 2008
4	June 2008
5	May 2008
3	April 2008
4	February 2008
17	January 2008
2	December 2007
7	November 2007
9	October 2007
2	September 2007
4	August 2007
8	July 2007
3	June 2007
13	May 2007
6	April 2007
1	March 2007
1	February 2007
48	January 2007
15	October 2006
39	September 2006
41	August 2006
26	July 2006
2	April 2006
37	March 2006
7	February 2006
1	January 2006
2	December 2005
6	November 2005
235	October 2005
38	September 2005
12	August 2005
22	June 2005
2	May 2005
6	April 2005
89	March 2005
1	February 2005
11	January 2005
1	December 2004
39	November 2004
9	October 2004
34	September 2004
74	August 2004
2	July 2004
1	June 2004
7	May 2004
32	April 2004