cfrg / draft-irtf-cfrg-opaque

The OPAQUE Asymmetric PAKE Protocol
https://cfrg.github.io/draft-irtf-cfrg-opaque/draft-irtf-cfrg-opaque.html

Clarifications about Threshold OPRF #397

Closed bytemare closed 1 year ago

bytemare commented 1 year ago

Addresses and closes #389 and #390

hugokraw commented 1 year ago

I commented on this issue ("distributing the server") in the repository, #389.

If you rephrase, please let me know so I can take a look (hopefully, you will not want to eliminate it).

On Tue, Mar 21, 2023 at 7:40 AM Christopher Wood @.***> wrote:

@.**** commented on this pull request.

In draft-irtf-cfrg-opaque.md https://github.com/cfrg/draft-irtf-cfrg-opaque/pull/397#discussion_r1143247313 :

@@ -2127,10 +2126,11 @@ disclose their passwords to the server, even during registration. Note that a co server can run an exhaustive offline dictionary attack to validate guesses for the client's password; this is inevitable in any aPAKE protocol. (OPAQUE enables defense against such

@bytemare https://github.com/bytemare will you be able to update this text?


chris-wood commented 1 year ago

@bytemare can you run make fix-lint to tidy up whitespace?

hugokraw commented 1 year ago

Sorry, one more comment. I suggest the following edit (marked in italics)

The authors suggest implementing the OPRF phase as a Threshold OPRF {{TOPPSS}}, effectively forcing an attacker to act online or to control at least t key shares, where t is the threshold number of shares necessary to recombine the secret OPRF key, and only then be able to run an offline dictionary attack.

You may or may not also comment on the following point: If the OPRF servers are separate from the authentication server, then finding all n shares still does not help, since you cannot run the dictionary attack without the server's database.

On Wed, Mar 22, 2023 at 8:54 AM Christopher Wood @.***> wrote:

Merged #397 https://github.com/cfrg/draft-irtf-cfrg-opaque/pull/397 into master.

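The threshold property described in the suggested wording above, as an added example that is not part of this pull request or of the OPAQUE draft: a t-of-n OPRF evaluation with a Shamir-shared key recombined in the exponent, showing that t responses reproduce the single-key output while t-1 do not. The toy group parameters, all function names and the sample password are assumptions made for illustration, and this sketches the general technique rather than the {{TOPPSS}} construction itself.

```python
import hashlib
import secrets

# Toy safe-prime group (P = 2*Q + 1), an assumption for readability; far too small for real use.
P, Q = 2039, 1019

def hash_to_group(pwd):
    # Square into the order-Q subgroup; the +2 offset keeps the result off the identity.
    h = int.from_bytes(hashlib.sha256(pwd).digest(), "big") % (P - 3) + 2
    return pow(h, 2, P)

def share_key(k, t, n):
    # Shamir-share k with a degree t-1 polynomial (t >= 2); top coefficient forced nonzero.
    coeffs = [k] + [secrets.randbelow(Q) for _ in range(t - 2)] + [1 + secrets.randbelow(Q - 1)]
    return {i: sum(c * pow(i, e, Q) for e, c in enumerate(coeffs)) % Q for i in range(1, n + 1)}

def blind(pwd):
    r = 1 + secrets.randbelow(Q - 1)
    return r, pow(hash_to_group(pwd), r, P)

def server_eval(share, blinded):
    # Each OPRF server sees only a blinded element and its own share.
    return pow(blinded, share, P)

def lagrange_at_zero(i, ids):
    num = den = 1
    for j in ids:
        if j != i:
            num, den = num * j % Q, den * (j - i) % Q
    return num * pow(den, -1, Q) % Q

def output(pwd, element):
    return hashlib.sha256(pwd + element.to_bytes(2, "big")).hexdigest()

def finalize(pwd, r, responses):
    # Recombine in the exponent, then remove the blind; the key itself is never rebuilt.
    combined = 1
    for i, resp in responses.items():
        combined = combined * pow(resp, lagrange_at_zero(i, list(responses)), P) % P
    return output(pwd, pow(combined, pow(r, -1, Q), P))

def demo(t=3, n=5):
    pwd = b"correct horse"  # constructed sample password
    k = 1 + secrets.randbelow(Q - 1)
    r, blinded = blind(pwd)
    resp = {i: server_eval(s, blinded) for i, s in share_key(k, t, n).items()}
    ids = sorted(resp)
    single = output(pwd, pow(hash_to_group(pwd), k, P))
    return single, finalize(pwd, r, {i: resp[i] for i in ids[:t]}), finalize(pwd, r, {i: resp[i] for i in ids[:t - 1]})
```

`demo()` returns the single-key output, the output recombined from t responses, and the output from t-1 responses; only the first two match, which is why an attacker holding fewer than t shares cannot evaluate the OPRF offline.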