[curves] Use cases for PAKE?

Trevor Perrin trevp at trevp.net
Tue Mar 25 10:12:39 PDT 2014


On Mon, Mar 24, 2014 at 3:42 AM, Feng Hao <feng.hao at newcastle.ac.uk> wrote:
>
> I thought you were referring to the Dragonfly spec in IETF: http://tools.ietf.org/html/draft-irtf-cfrg-dragonfly-03
>
> The main concern is the hashing-password-to-curve function, which is called "Hunting and Pecking with ECC Groups". There is a similar function in SPEKE as defined in ISO/IEC 11770-4 called Integer-to-Point or I2P function. The two share the same problems.
>
> For the Dragonfly case, the function is looped for k times.

That's just the IETF draft, it's not in 802.11s.


>> What I don't know is how much deployment this is seeing?
>
> It will be great to see some examples of the deployment code. That can clarify.

Linux and FreeBSD include 802.11s, but you have to run a separate tool
for authentication:

https://github.com/cozybit/authsae

It doesn't do any of the "40 loops" stuff, it just stops once it finds
a curve point.

(sae.c:assign_group_to_peer()).

(Though ~line 1034, is it failing after the 16th trial?  Is that right?)

https://github.com/cozybit/authsae/blob/master/sae.c


>> OK, so this is basically the OTR / Socialist Millionaire's case:
>
>> http://www.cypherpunks.ca/~iang/pubs/impauth.pdf
>
>> I don't know whether that's been a good user experience or not, perhaps that's a question for the "messaging" list...
>
> It's not a good user experience

Are you sure?  I think some people like it.  I'll bring it up on
"messaging" list when I have time (or feel free to beat me to it!).


Trevor
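
Added example, not part of the original post and not code from authsae or the Dragonfly draft: a simplified hunting-and-pecking loop on P-256, comparing the variant that stops at the first curve point (its trial count depends on the password) with the variant that always loops k = 40 times. The SHA-256 candidate derivation, the sample identities and all function names are assumptions made for illustration.

```python
import hashlib

# NIST P-256 field prime and coefficients of y^2 = x^3 + ax + b (mod p).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
K = 40  # fixed trial count, the "40 loops" mentioned in the thread


def candidate_x(id_a: bytes, id_b: bytes, password: bytes, counter: int) -> int:
    """Simplified candidate derivation (assumption): SHA-256 over the ordered
    identities, the password and a one-byte counter, reduced mod p."""
    hi, lo = max(id_a, id_b), min(id_a, id_b)
    digest = hashlib.sha256(hi + lo + password + bytes([counter])).digest()
    return int.from_bytes(digest, "big") % P


def on_curve_x(x: int) -> bool:
    """True if x^3 + ax + b is a non-zero square mod p (Euler's criterion)."""
    rhs = (pow(x, 3, P) + A * x + B) % P
    return pow(rhs, (P - 1) // 2, P) == 1


def hunt_early_exit(id_a, id_b, password, max_trials=K):
    """Stops at the first valid x; returns (x, trials) or (None, max_trials)."""
    for counter in range(1, max_trials + 1):
        x = candidate_x(id_a, id_b, password, counter)
        if on_curve_x(x):
            return x, counter
    return None, max_trials


def hunt_fixed_k(id_a, id_b, password, k=K):
    """Always runs k trials and keeps the first valid x; returns (x, k)."""
    found = None
    for counter in range(1, k + 1):
        x = candidate_x(id_a, id_b, password, counter)
        ok = on_curve_x(x)
        if ok and found is None:
            found = x
    return found, k


def trial_counts(passwords, id_a=b"alice", id_b=b"bob"):
    """Trials used per password by each variant, as two lists."""
    early = [hunt_early_exit(id_a, id_b, pw)[1] for pw in passwords]
    fixed = [hunt_fixed_k(id_a, id_b, pw)[1] for pw in passwords]
    return early, fixed
```

Both variants return the same x for a given password; only the number of trials differs, and neither function here is constant-time at the instruction level.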

