DSC-iTC / cPP

Dedicated Security Components cPP & SD
MIT License

[cPP PUBLIC REVIEW] atsec11 - FCS_CKM_EXT.8 #327

Closed jvdsn closed 1 month ago

jvdsn commented 1 month ago

What is the location of the document where the comment is made? Section B.1.5

Comment Type. S = Substantial: a comment or issue significant enough to warrant a possible objection if the change (or a similar objective) is not met.

What is the comment? Please describe. In Section B.1.5, the selection-based SFR FCS_CKM_EXT.8 Password-Based Key Derivation is defined. But throughout the cPP, no information is provided on when FCS_CKM_EXT.8 should be claimed in the ST.

Describe the proposed solution/edit Suggest adding to FCS_CKM.1.1 one more selection option for PBKDF, as shown below, together with the related application notes.

woodbe commented 1 month ago

Is there a place to link this related to password hashing as well? It would seem like we need to do this to be complete based on #319.

jvdsn commented 1 month ago

Perhaps in an application note for FIA_UAU.2? We don't have to make password hashing (or passwords in general) mandatory, but we can say that if password hashing is performed using PBKDF2, FCS_CKM_EXT.8 must be claimed.
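
The point made above, that "password hashing" done with PBKDF2 is the same primitive as password-based key derivation, can be seen directly in code. The following is an added example written for this page, not code from the DSC cPP, the iTC, or any TOE. The iteration count, salt length and output length are assumptions chosen for illustration and are not values the cPP prescribes; the function and record names are also hypothetical.

```python
import hashlib
import hmac
import os

# Policy parameters assumed for illustration only; the cPP does not fix these values.
MIN_ITERATIONS = 600_000   # assumption: order of magnitude of current public guidance
SALT_LEN = 16              # assumption
DK_LEN = 32                # assumption: 256-bit output


def pbkdf2(password: bytes, salt: bytes, iterations: int, dklen: int = DK_LEN) -> bytes:
    """The single PBKDF2-HMAC-SHA-256 primitive that both uses below call.

    Whether the output is stored as a password verifier or used as a key,
    this is the operation FCS_CKM_EXT.8 describes.
    """
    if len(salt) < SALT_LEN:
        raise ValueError("salt shorter than policy minimum")
    if iterations < MIN_ITERATIONS:
        raise ValueError("iteration count below policy minimum")
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen)


# Use 1: "password hashing" for an authentication check.
def make_password_record(password: str, iterations: int = MIN_ITERATIONS) -> dict:
    """Create the stored verifier; the salt is random per record."""
    salt = os.urandom(SALT_LEN)
    return {
        "salt": salt,
        "iterations": iterations,
        "verifier": pbkdf2(password.encode("utf-8"), salt, iterations),
    }


def verify_password(record: dict, candidate: str) -> bool:
    """Recompute and compare in constant time."""
    derived = pbkdf2(candidate.encode("utf-8"), record["salt"], record["iterations"])
    return hmac.compare_digest(derived, record["verifier"])


# Use 2: deriving a key-encryption key from the same password.
def derive_kek(password: str, salt: bytes, iterations: int = MIN_ITERATIONS) -> bytes:
    return pbkdf2(password.encode("utf-8"), salt, iterations)


def verifier_equals_kek(password: str, record: dict) -> bool:
    """Shows the hazard of reusing the authentication salt and parameters for
    key derivation: the stored verifier would then be the key itself."""
    return derive_kek(password, record["salt"], record["iterations"]) == record["verifier"]


def rejects_weak_parameters() -> bool:
    """Both policy checks in pbkdf2() must fire."""
    try:
        pbkdf2(b"pw", b"short", MIN_ITERATIONS)
        return False
    except ValueError:
        pass
    try:
        pbkdf2(b"pw", bytes(SALT_LEN), MIN_ITERATIONS - 1)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    rec = make_password_record("correct horse battery staple")   # constructed input
    print("verify ok:", verify_password(rec, "correct horse battery staple"))
    print("wrong pw :", verify_password(rec, "wrong password"))
    print("verifier is the KEK when salt/params are shared:", verifier_equals_kek("correct horse battery staple", rec))
```

The last function is the practical caveat behind the application-note suggestion: because the authentication verifier and the derived key come out of the same function, an implementation that reuses the salt and iteration count for both ends up storing its key at rest as the "password hash". Distinct salts (or a separate KDF step with a purpose label) keep the two outputs independent, and either way the ST would need to claim FCS_CKM_EXT.8 for the PBKDF2 operation.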

woodbe commented 1 month ago

OK, then let's skip it. I don't think that is really useful looking at the app note and the SFR, so I think we are OK. If someone is building authentication services at a higher level, they would need to do the right thing. We don't really do user-auth in the DSC directly, so it is unlikely to really be needed directly, so I think we can consider the answer to be no to adding it elsewhere beyond the proposed addition.