
Re: Salsa update: no more "-guest" and more



On 4/27/20 2:19 AM, Russ Allbery wrote:
> Thomas Goirand <zigo@debian.org> writes:
> 
>> Now, if you want something safer, maybe we could implement something
>> that involves crypto a smarter way, like SQRL, so we avoid storing any
>> password in Salsa, even hashed:
>> https://www.grc.com/sqrl/sqrl.htm
> 
> I don't know anything about SQRL (and am too lazy to try to digest the
> PDFs on that web site), but I'll assume that this shares with PAKE schemes
> the requirement that the client do crypto.  PAKE has always looked like a
> good idea up until one starts trying to tackle the problem of deploying
> clients everywhere you need them, at which point it usually ends up
> looking easier to just use TLS client certificates.

Except that SQRL has no password involved, just crypto.

Since you are too lazy to read on, let me do a tl;dr. Simply put, the
client holds a private key. From that private key, a new one is derived
by doing an HMAC of that key with the domain, meaning a client has a unique
public/private keypair for each site. Then the site only holds the
public key, and the client authenticates using his private key (again,
unique to each site) when presented with a one-time challenge.

As a result, the site *never* stores any secret from the client (again:
no passwords involved), only the identity of the user (i.e. his public
key for that site). So there's nothing to be stolen from the server,
which is the very point.

Cheers,

Thomas Goirand (zigo)
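
The scheme summarized in the message above, as an added Go sketch that is not part of the original post and is not SQRL's own code: a per-site key derived by HMAC of a master key with the domain, a server that stores only the public key, and a one-time challenge that is rejected on replay. Ed25519 as the signature scheme, the `Server` type, the `salsa.example` domain, the `alice` account and the master key bytes are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// siteKey derives the per-site key: HMAC-SHA256(master, domain) seeds Ed25519.
func siteKey(master []byte, domain string) ed25519.PrivateKey {
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte(domain))
	return ed25519.NewKeyFromSeed(mac.Sum(nil))
}

// Server (hypothetical type) holds public keys and unused challenges, no secrets.
type Server struct {
	users   map[string]ed25519.PublicKey
	pending map[string]bool
}

// Challenge issues a fresh random one-time value and remembers it.
func (s *Server) Challenge() []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	c := fmt.Sprintf("%x", nonce)
	s.pending[c] = true
	return []byte(c)
}

// Verify accepts one signature per issued challenge, then forgets the challenge.
func (s *Server) Verify(user string, challenge, sig []byte) bool {
	issued := s.pending[string(challenge)]
	delete(s.pending, string(challenge))
	pub, enrolled := s.users[user]
	return issued && enrolled && ed25519.Verify(pub, challenge, sig)
}

func main() {
	priv := siteKey([]byte("constructed demo master key"), "salsa.example")
	srv := &Server{map[string]ed25519.PublicKey{}, map[string]bool{}}
	srv.users["alice"] = priv.Public().(ed25519.PublicKey) // all the server stores
	c := srv.Challenge()
	fmt.Println("login ok:", srv.Verify("alice", c, ed25519.Sign(priv, c)))
}
```

A dump of `srv.users` yields public keys only, and a key derived for a different domain from the same master key does not verify against them.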

