AzureAD / microsoft-authentication-library-for-python

Microsoft Authentication Library (MSAL) for Python makes it easy to authenticate to Microsoft Entra ID. General docs are available here https://learn.microsoft.com/entra/msal/python/ Stable APIs are documented here https://msal-python.readthedocs.io. Questions can be asked on www.stackoverflow.com with tag "msal" + "python".
https://stackoverflow.com/questions/tagged/azure-ad-msal+python
Other
817 stars 203 forks source link

Is MSAL ready for hybrid or postquantum PKI? #517

Closed 3BK closed 1 year ago

3BK commented 1 year ago

It appears that MSAL uses algorithms like RS256.

Is MSAL ready for hybrid and postquantum PKI?

references https://www.ietf.org/archive/id/draft-prorock-cose-post-quantum-signatures-01.txt https://dl.acm.org/doi/abs/10.1007/978-3-031-20974-1_20 https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-bad-standard-that-everyone-should-avoid

rayluo commented 1 year ago

It appears that MSAL uses algorithms like RS256.

In MSAL Python code base, there is only one occurrence of RS256, and that is only because that algorithm is recognized by the back end service. Besides, even that "RS256" code path can be skipped, if the caller provides its own assertion (again, providing that the new assertion's algorithm is recognized by the service side).

Is MSAL ready for hybrid and postquantum PKI?

MSAL itself does not really have a preference of using one algorithm or another. We haven't tested other algorithms. Feel free to explore and let us know whether you see some improvement is desirable.

3BK commented 1 year ago

Please see AzureAD/microsoft-authentication-library-for-dotnet] Is MSAL ready for hybrid and postquantum PKI? (Issue #3848).

There are several moving parts to consider.


From: Ray Luo @.> Sent: Wednesday, December 21, 2022 1:09:04 AM To: AzureAD/microsoft-authentication-library-for-python @.> Cc: Brent Kimberley @.>; Author @.> Subject: Re: [AzureAD/microsoft-authentication-library-for-python] Is MSAL ready for hybrid or postquantum PKI? (Issue #517)

It appears that MSAL uses algorithms like RS256.

In MSAL Python code base, there is only one occurrence of RS256https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FAzureAD%2Fmicrosoft-authentication-library-for-python%2Fblob%2F1.20.0%2Fmsal%2Fapplication.py%23L678&data=05%7C01%7Cbrent.kimberley%40durham.ca%7Cf418af39ecf64e161d7308dae319dd34%7C52d7c9c2d54941b69b1f9da198dc3f16%7C0%7C0%7C638071997486311948%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=7smNsyVRabwXG5PgHkUMhLcds5FT5aNZ%2BdvOyo3%2BuWg%3D&reserved=0, and that is only because that algorithm is recognized by the back end service. Besides, even that "RS256" code path can be skipped, if the caller provides its own assertion (again, providing that the new assertion's algorithm is recognized by the service side).

Is MSAL ready for hybrid and postquantum PKI?

MSAL itself does not really have a preference of using one algorithm or another. We haven't tested other algorithms. Feel free to explore and let us know whether you see some improvement is desirable.

— Reply to this email directly, view it on GitHubhttps://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FAzureAD%2Fmicrosoft-authentication-library-for-python%2Fissues%2F517%23issuecomment-1360896735&data=05%7C01%7Cbrent.kimberley%40durham.ca%7Cf418af39ecf64e161d7308dae319dd34%7C52d7c9c2d54941b69b1f9da198dc3f16%7C0%7C0%7C638071997486311948%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Txmo8n6ayB9UTXIZhboxWeUCL1pwe1tW5PvIZv2XTWA%3D&reserved=0, or unsubscribehttps://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAJXZLIKRVAKRFZEK2ZAY5V3WOKNIBANCNFSM6AAAAAASUR27YM&data=05%7C01%7Cbrent.kimberley%40durham.ca%7Cf418af39ecf64e161d7308dae319dd34%7C52d7c9c2d54941b69b1f9da198dc3f16%7C0%7C0%7C638071997486311948%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=gOW21N%2F%2BqlHyo3FG6LpgVjBVXTc8mr5M7ia9EwhHG%2Bs%3D&reserved=0. You are receiving this because you authored the thread.Message ID: @.***>

THIS MESSAGE IS FOR THE USE OF THE INTENDED RECIPIENT(S) ONLY AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, PROPRIETARY, CONFIDENTIAL, AND/OR EXEMPT FROM DISCLOSURE UNDER ANY RELEVANT PRIVACY LEGISLATION. No rights to any privilege have been waived. If you are not the intended recipient, you are hereby notified that any review, re-transmission, dissemination, distribution, copying, conversion to hard copy, taking of action in reliance on or other use of this communication is strictly prohibited. If you are not the intended recipient and have received this message in error, please notify me by return e-mail and delete or destroy all copies of this message.

rayluo commented 1 year ago

Sure. Linking this issue to https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/3848

3BK commented 1 year ago

It appears that other vendors are future oriented.

https://blog.chromium.org/2023/08/protecting-chrome-traffic-with-hybrid.html?m=1

https://blog.cloudflare.com/post-quantum-tunnel/

https://www.dwavesys.com/


From: Ray Luo @.> Sent: Saturday, September 16, 2023 2:59:00 AM To: AzureAD/microsoft-authentication-library-for-python @.> Cc: Brent Kimberley @.>; Author @.> Subject: Re: [AzureAD/microsoft-authentication-library-for-python] Is MSAL ready for hybrid or postquantum PKI? (Issue #517)

Closed #517https://github.com/AzureAD/microsoft-authentication-library-for-python/issues/517 as not planned.

— Reply to this email directly, view it on GitHubhttps://github.com/AzureAD/microsoft-authentication-library-for-python/issues/517#event-10389146637, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJXZLIPQR2XZ2BQFMVO2VUDX2VE3JANCNFSM6AAAAAASUR27YM. You are receiving this because you authored the thread.Message ID: @.***>

THIS MESSAGE IS FOR THE USE OF THE INTENDED RECIPIENT(S) ONLY AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, PROPRIETARY, CONFIDENTIAL, AND/OR EXEMPT FROM DISCLOSURE UNDER ANY RELEVANT PRIVACY LEGISLATION. No rights to any privilege have been waived. If you are not the intended recipient, you are hereby notified that any review, re-transmission, dissemination, distribution, copying, conversion to hard copy, taking of action in reliance on or other use of this communication is strictly prohibited. If you are not the intended recipient and have received this message in error, please notify me by return e-mail and delete or destroy all copies of this message.

3BK commented 1 year ago

Unless I'm mistaken, RSA(2048) has a strength of 56 bits (112/2). And RSA(3072) has a strength of 64 bits.

By design, MSAL is supposed to have a minimum strength of 112bits (assuming the data is ephemeral.) Likewise, MSAL is supposed to have a strength of 128bits if the data is persistent for more than 7 years.

Time to go back to MIT....


From: Brent Kimberley @.> Sent: Saturday, September 16, 2023 6:37:30 AM To: AzureAD/microsoft-authentication-library-for-python @.> Subject: Re: [AzureAD/microsoft-authentication-library-for-python] Is MSAL ready for hybrid or postquantum PKI? (Issue #517)

It appears that other vendors are future oriented.

https://blog.chromium.org/2023/08/protecting-chrome-traffic-with-hybrid.html?m=1

https://blog.cloudflare.com/post-quantum-tunnel/

https://www.dwavesys.com/


From: Ray Luo @.> Sent: Saturday, September 16, 2023 2:59:00 AM To: AzureAD/microsoft-authentication-library-for-python @.> Cc: Brent Kimberley @.>; Author @.> Subject: Re: [AzureAD/microsoft-authentication-library-for-python] Is MSAL ready for hybrid or postquantum PKI? (Issue #517)

Closed #517https://github.com/AzureAD/microsoft-authentication-library-for-python/issues/517 as not planned.

— Reply to this email directly, view it on GitHubhttps://github.com/AzureAD/microsoft-authentication-library-for-python/issues/517#event-10389146637, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJXZLIPQR2XZ2BQFMVO2VUDX2VE3JANCNFSM6AAAAAASUR27YM. You are receiving this because you authored the thread.Message ID: @.***>

THIS MESSAGE IS FOR THE USE OF THE INTENDED RECIPIENT(S) ONLY AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, PROPRIETARY, CONFIDENTIAL, AND/OR EXEMPT FROM DISCLOSURE UNDER ANY RELEVANT PRIVACY LEGISLATION. No rights to any privilege have been waived. If you are not the intended recipient, you are hereby notified that any review, re-transmission, dissemination, distribution, copying, conversion to hard copy, taking of action in reliance on or other use of this communication is strictly prohibited. If you are not the intended recipient and have received this message in error, please notify me by return e-mail and delete or destroy all copies of this message.

3BK commented 1 year ago

Imagine what would happen to MSAL if a cubic search algorithm was used - instead of a quadratic algorithm such as Grover's algorithm.

Get Outlook for Androidhttps://aka.ms/AAb9ysg


From: Brent Kimberley @.> Sent: Saturday, September 16, 2023 6:43:15 AM To: AzureAD/microsoft-authentication-library-for-python @.> Subject: Re: [AzureAD/microsoft-authentication-library-for-python] Is MSAL ready for hybrid or postquantum PKI? (Issue #517)

Unless I'm mistaken, RSA(2048) has a strength of 56 bits (112/2). And RSA(3072) has a strength of 64 bits.

By design, MSAL is supposed to have a minimum strength of 112bits (assuming the data is ephemeral.) Likewise, MSAL is supposed to have a strength of 128bits if the data is persistent for more than 7 years.

Time to go back to MIT....


From: Brent Kimberley @.> Sent: Saturday, September 16, 2023 6:37:30 AM To: AzureAD/microsoft-authentication-library-for-python @.> Subject: Re: [AzureAD/microsoft-authentication-library-for-python] Is MSAL ready for hybrid or postquantum PKI? (Issue #517)

It appears that other vendors are future oriented.

https://blog.chromium.org/2023/08/protecting-chrome-traffic-with-hybrid.html?m=1

https://blog.cloudflare.com/post-quantum-tunnel/

https://www.dwavesys.com/


From: Ray Luo @.> Sent: Saturday, September 16, 2023 2:59:00 AM To: AzureAD/microsoft-authentication-library-for-python @.> Cc: Brent Kimberley @.>; Author @.> Subject: Re: [AzureAD/microsoft-authentication-library-for-python] Is MSAL ready for hybrid or postquantum PKI? (Issue #517)

Closed #517https://github.com/AzureAD/microsoft-authentication-library-for-python/issues/517 as not planned.

— Reply to this email directly, view it on GitHubhttps://github.com/AzureAD/microsoft-authentication-library-for-python/issues/517#event-10389146637, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJXZLIPQR2XZ2BQFMVO2VUDX2VE3JANCNFSM6AAAAAASUR27YM. You are receiving this because you authored the thread.Message ID: @.***>

THIS MESSAGE IS FOR THE USE OF THE INTENDED RECIPIENT(S) ONLY AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, PROPRIETARY, CONFIDENTIAL, AND/OR EXEMPT FROM DISCLOSURE UNDER ANY RELEVANT PRIVACY LEGISLATION. No rights to any privilege have been waived. If you are not the intended recipient, you are hereby notified that any review, re-transmission, dissemination, distribution, copying, conversion to hard copy, taking of action in reliance on or other use of this communication is strictly prohibited. If you are not the intended recipient and have received this message in error, please notify me by return e-mail and delete or destroy all copies of this message.

3BK commented 1 year ago

Suggest upgrading to RSA 15360 ;) or migrating away from weak algorithms such as RSA.

https://www.f5.com/labs/articles/threat-intelligence/rsa-in-a-pre-post-quantum-computing-world


From: Ray Luo @.> Sent: Saturday, September 16, 2023 2:59:00 AM To: AzureAD/microsoft-authentication-library-for-python @.> Cc: Brent Kimberley @.>; Author @.> Subject: Re: [AzureAD/microsoft-authentication-library-for-python] Is MSAL ready for hybrid or postquantum PKI? (Issue #517)

Closed #517https://github.com/AzureAD/microsoft-authentication-library-for-python/issues/517 as not planned.

— Reply to this email directly, view it on GitHubhttps://github.com/AzureAD/microsoft-authentication-library-for-python/issues/517#event-10389146637, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJXZLIPQR2XZ2BQFMVO2VUDX2VE3JANCNFSM6AAAAAASUR27YM. You are receiving this because you authored the thread.Message ID: @.***>

THIS MESSAGE IS FOR THE USE OF THE INTENDED RECIPIENT(S) ONLY AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, PROPRIETARY, CONFIDENTIAL, AND/OR EXEMPT FROM DISCLOSURE UNDER ANY RELEVANT PRIVACY LEGISLATION. No rights to any privilege have been waived. If you are not the intended recipient, you are hereby notified that any review, re-transmission, dissemination, distribution, copying, conversion to hard copy, taking of action in reliance on or other use of this communication is strictly prohibited. If you are not the intended recipient and have received this message in error, please notify me by return e-mail and delete or destroy all copies of this message.

3BK commented 1 year ago

To elaborate, your cryptographers released a paper with Google, blackberry, and ibm claiming that there is a 50% chance that RSA will fail within the next 7+ years. You have a multi-billion dollar investment in a technology which your own experts expect to fail.

To tie a bow on this: Reasonable man theory refers to a test whereby a hypothetical person is used as a legal standard, especially to determine if someone acted with negligence.


From: Brent Kimberley @.> Sent: Saturday, September 16, 2023 8:42:00 AM To: AzureAD/microsoft-authentication-library-for-python @.> Subject: Re: [AzureAD/microsoft-authentication-library-for-python] Is MSAL ready for hybrid or postquantum PKI? (Issue #517)

Suggest upgrading to RSA 15360 ;) or migrating away from weak algorithms such as RSA.

https://www.f5.com/labs/articles/threat-intelligence/rsa-in-a-pre-post-quantum-computing-world


From: Ray Luo @.> Sent: Saturday, September 16, 2023 2:59:00 AM To: AzureAD/microsoft-authentication-library-for-python @.> Cc: Brent Kimberley @.>; Author @.> Subject: Re: [AzureAD/microsoft-authentication-library-for-python] Is MSAL ready for hybrid or postquantum PKI? (Issue #517)

Closed #517https://github.com/AzureAD/microsoft-authentication-library-for-python/issues/517 as not planned.

— Reply to this email directly, view it on GitHubhttps://github.com/AzureAD/microsoft-authentication-library-for-python/issues/517#event-10389146637, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJXZLIPQR2XZ2BQFMVO2VUDX2VE3JANCNFSM6AAAAAASUR27YM. You are receiving this because you authored the thread.Message ID: @.***>

THIS MESSAGE IS FOR THE USE OF THE INTENDED RECIPIENT(S) ONLY AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, PROPRIETARY, CONFIDENTIAL, AND/OR EXEMPT FROM DISCLOSURE UNDER ANY RELEVANT PRIVACY LEGISLATION. No rights to any privilege have been waived. If you are not the intended recipient, you are hereby notified that any review, re-transmission, dissemination, distribution, copying, conversion to hard copy, taking of action in reliance on or other use of this communication is strictly prohibited. If you are not the intended recipient and have received this message in error, please notify me by return e-mail and delete or destroy all copies of this message.

rayluo commented 1 year ago

@3BK , this issue in this repo was/is currently labeled as an answered question, and it is not immediately actionable on MSAL which is a client-side library. We can revisit this, preferably when some prerequisites are met. Meanwhile, you can keep track using that other issue where most of the conversation happened there.