[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Salsa update: no more "-guest" and more

On 4/27/20 2:19 AM, Russ Allbery wrote:
> Thomas Goirand <zigo@debian.org> writes:
>> Now, if you want something safer, maybe we could implement something
>> that involves crypto a smarter way, like SQRL, so we avoid storing any
>> password in Salsa, even hashed:
>> https://www.grc.com/sqrl/sqrl.htm
> I don't know anything about SQRL (and am too lazy to try to digest the
> PDFs on that web site), but I'll assume that this shares with PAKE schemes
> the requirement that the client do crypto.  PAKE has always looked like a
> good idea up until one starts trying to tackle the problem of deploying
> clients everywhere you need them, at which point it usually ends up
> looking easier to just use TLS client certificates.

Except that SQRL has no password involved, just crypto.

Since you are too lazy to read on, let me do a tl;dr. Simply put, the
client holds a private key. From that private key, a new one is derived
doing a HMAC of that key with the domain, meaning a client has a unique
public/private keypair for each site. Then the site only holds the
public key, and the client auth using his private key (again, unique to
each site), presented a one time challenge.

As a result, the site *never* store any secret from the client (again:
no passwords involved), only the identity of the user (ie: his public
key for that site). So there's nothing to be stolen from the server,
which is the very point.


Thomas Goirand (zigo)

Reply to: