[curves] Use cases for PAKE?

Trevor Perrin trevp at trevp.net
Tue Mar 25 10:12:39 PDT 2014

On Mon, Mar 24, 2014 at 3:42 AM, Feng Hao <feng.hao at newcastle.ac.uk> wrote:
> I thought you were referring to the Dragonfly spec in IETF: http://tools.ietf.org/html/draft-irtf-cfrg-dragonfly-03
> The main concern is the hashing-password-to-curve function, which is called "Hunting and Pecking with ECC Groups". There is a similar function in SPEKE as defined in ISO/IEC 11770-4 called Integer-to-Point or I2P function. The two share the same problems.
> For the Dragonfly case, the function is looped for k times.

That's just the IETF draft, it's not in 802.11s.

>> What I don't know is how much deployment this is seeing?
> It will be great to see some examples of the deployment code. That can clarify.

Linux and FreeBSD include 802.11s, but you have to run a separate tool
for authentication:


It doesn't do any of the "40 loops" stuff, it just stops once it finds
a curve point.


(Though ~line 1034, is it failing after the 16th trial?  Is that right?)


>> OK, so this is basically the OTR / Socialist Millionaire's case:
>> http://www.cypherpunks.ca/~iang/pubs/impauth.pdf
>> I don't know whether that's been a good user experience or not, perhaps that's a question for the "messaging" list...
> It's not a good user experience

Are you sure?  I think some people like it.  I'll bring it up on
"messaging" list when I have time (or feel free to beat me to it!).


More information about the Curves mailing list