[curves] Use cases for PAKE?
Trevor Perrin
trevp at trevp.net
Tue Mar 25 10:12:39 PDT 2014
On Mon, Mar 24, 2014 at 3:42 AM, Feng Hao <feng.hao at newcastle.ac.uk> wrote:
>
> I thought you were referring to the Dragonfly spec in IETF: http://tools.ietf.org/html/draft-irtf-cfrg-dragonfly-03
>
> The main concern is the hashing-password-to-curve function, which is called "Hunting and Pecking with ECC Groups". There is a similar function in SPEKE as defined in ISO/IEC 11770-4 called Integer-to-Point or I2P function. The two share the same problems.
>
> For the Dragonfly case, the function is looped for k times.
That's just the IETF draft, it's not in 802.11s.
>> What I don't know is how much deployment this is seeing?
>
> It will be great to see some examples of the deployment code. That can clarify.
Linux and FreeBSD include 802.11s, but you have to run a separate tool
for authentication:
https://github.com/cozybit/authsae
It doesn't do any of the "40 loops" stuff, it just stops once it finds
a curve point.
(sae.c:assign_group_to_peer()).
(Though ~line 1034, is it failing after the 16th trial? Is that right?)
https://github.com/cozybit/authsae/blob/master/sae.c
>> OK, so this is basically the OTR / Socialist Millionaire's case:
>
>> http://www.cypherpunks.ca/~iang/pubs/impauth.pdf
>
>> I don't know whether that's been a good user experience or not, perhaps that's a question for the "messaging" list...
>
> It's not a good user experience
Are you sure? I think some people like it. I'll bring it up on
"messaging" list when I have time (or feel free to beat me to it!).
Trevor
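
The difference discussed in this message, stopping at the first curve point versus always running k trials, as an added example that is not part of the original mail and is not code from authsae or the Dragonfly draft. It assumes a simplified candidate derivation (SHA-256 over constructed peer identities, the password and a counter) on P-256; all function names are hypothetical.

```python
import hashlib

# NIST P-256 domain parameters (public constants); P % 4 == 3.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
PEERS = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01"  # constructed MACs

def candidate_x(password: bytes, counter: int) -> int:
    # Assumption: simplified derivation, not the KDF from the draft.
    digest = hashlib.sha256(PEERS + password + bytes([counter])).digest()
    return int.from_bytes(digest, "big") % P

def lift_x(x: int):
    """Return y with y^2 = x^3 + A*x + B (mod P), or None if x is not on the curve."""
    rhs = (pow(x, 3, P) + A * x + B) % P
    y = pow(rhs, (P + 1) // 4, P)  # square-root candidate, valid since P % 4 == 3
    return y if y * y % P == rhs else None

def hunt_early_exit(password: bytes, max_trials: int = 40):
    """Stop at the first valid point; the trial count depends on the password."""
    for counter in range(1, max_trials + 1):
        x = candidate_x(password, counter)
        y = lift_x(x)
        if y is not None:
            return (x, y), counter
    return None, max_trials

def hunt_fixed(password: bytes, k: int = 40):
    """Always run k trials and keep the first valid point found."""
    found = None
    for counter in range(1, k + 1):
        x = candidate_x(password, counter)
        y = lift_x(x)
        if found is None and y is not None:
            found = (x, y)
    return found, k

def trial_counts(passwords):
    return [hunt_early_exit(pw)[1] for pw in passwords]

if __name__ == "__main__":
    pws = [b"constructed-pw-%d" % i for i in range(8)]  # constructed sample passwords
    print("early exit trials:", trial_counts(pws))
    print("fixed trials:     ", [hunt_fixed(pw)[1] for pw in pws])
```

Equal trial counts do not make this Python code constant-time; the example only shows the number of iterations, which is the password-dependent quantity a fixed k removes.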