From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.7 required=5.0 tests=DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,DKIM_VALID,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.4 Received: from tb-ob0.topicbox.com (tb-ob0.topicbox.com [64.147.108.117]) by inbox.vuxu.org (Postfix) with ESMTP id 0C929211EA for ; Mon, 13 May 2024 14:51:59 +0200 (CEST) Received: from tb-mx0.topicbox.com (tb-mx0.nyi.icgroup.com [10.90.30.73]) by tb-ob0.topicbox.com (Postfix) with ESMTP id 9D10225F28 for ; Mon, 13 May 2024 08:51:58 -0400 (EDT) (envelope-from bounce.mMa0d5d024db1989861dc8d9aa.r522be890-2105-11eb-b15e-8d699134e1fa@9fans.bounce.topicbox.com) Received: by tb-mx0.topicbox.com (Postfix, from userid 1132) id 9AA4B18985BF; Mon, 13 May 2024 08:51:58 -0400 (EDT) ARC-Authentication-Results: i=2; topicbox.com; arc=pass; dkim=pass (2048-bit rsa key sha256) header.d=gmail.com header.i=@gmail.com header.b=Kv7Lms1i header.a=rsa-sha256 header.s=20230601 x-bits=2048; dmarc=pass policy.published-domain-policy=none policy.published-subdomain-policy=quarantine policy.applied-disposition=none policy.evaluated-disposition=none (p=none,sp=quarantine,d=none,d.eval=none) policy.policy-from=p header.from=gmail.com; spf=pass smtp.mailfrom=charles.forsyth@gmail.com smtp.helo=mail-lj1-f178.google.com; x-internal-arc=fail (as.1.topicbox.com=pass, ams.1.topicbox.com=fail (message has been altered)) (Message modified while forwarding at Topicbox) ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d= topicbox.com; h=mime-version:references:in-reply-to:from:date :message-id:subject:to:content-type:list-help:list-id:list-post :list-subscribe:reply-to:content-transfer-encoding :list-unsubscribe; s=sysmsg-1; t=1715604718; bh=bSOkmJgQ1xn/8Bxy 7jcjFT6ZG7Gkpa6Bknf7YQTlHX0=; b=b9wTtBVntBggnZpF4AXqaSVgTF0lVaU5 VVsghEDlqbZTjESKPxoZQALmRas+uR0paAZ43uaephGejs4AgM+NcW/t683eNW6d eBR7437pFz6CGlKoK5BRqdUW1h51n8bj2vFrTwOkWoEBDdaExFN/3/ZxBBZqXooc GdGCBEXP2IA= ARC-Seal: i=2; a=rsa-sha256; cv=pass; d=topicbox.com; s=sysmsg-1; t= 1715604718; b=DWqa/QleRTixNwDGwlwKsVnDnj0HoizUs+7uDcUYt69VGdMcud H+t5qTLuK3un+aoiXCMz9PtjWzrC4baLD3bwaDQhh5YHmTclUeaJtv37kVairayK XhgxH8rE4eDgetO+FLPVyRxu3oyPwbFaXVT1RZ+OPsi/YgJfUYnkUTvss= Authentication-Results: topicbox.com; arc=pass; dkim=pass (2048-bit rsa key sha256) header.d=gmail.com header.i=@gmail.com header.b=Kv7Lms1i header.a=rsa-sha256 header.s=20230601 x-bits=2048; dmarc=pass policy.published-domain-policy=none policy.published-subdomain-policy=quarantine policy.applied-disposition=none policy.evaluated-disposition=none (p=none,sp=quarantine,d=none,d.eval=none) policy.policy-from=p header.from=gmail.com; spf=pass smtp.mailfrom=charles.forsyth@gmail.com smtp.helo=mail-lj1-f178.google.com; x-internal-arc=fail (as.1.topicbox.com=pass, ams.1.topicbox.com=fail (message has been altered)) (Message modified while forwarding at Topicbox) X-Received-Authentication-Results: tb-mx1.topicbox.com; arc=none (no signatures found); bimi=skipped (DMARC Policy is not at enforcement); dkim=pass (2048-bit rsa key sha256) header.d=gmail.com header.i=@gmail.com header.b=Kv7Lms1i header.a=rsa-sha256 header.s=20230601 x-bits=2048; dmarc=pass policy.published-domain-policy=none policy.published-subdomain-policy=quarantine policy.applied-disposition=none policy.evaluated-disposition=none (p=none,sp=quarantine,d=none,d.eval=none) policy.policy-from=p header.from=gmail.com; iprev=pass smtp.remote-ip=209.85.208.178 (mail-lj1-f178.google.com); spf=pass smtp.mailfrom=charles.forsyth@gmail.com smtp.helo=mail-lj1-f178.google.com; x-aligned-from=pass (Address match); x-google-dkim=pass (2048-bit rsa key) header.d=1e100.net header.i=@1e100.net header.b=KxDP060/; x-me-sender=none; x-ptr=pass smtp.helo=mail-lj1-f178.google.com policy.ptr=mail-lj1-f178.google.com; x-return-mx=pass header.domain=gmail.com policy.is_org=yes (MX Records found: alt3.gmail-smtp-in.l.google.com,alt1.gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com,gmail-smtp-in.l.google.com); x-return-mx=pass smtp.domain=gmail.com policy.is_org=yes (MX Records found: alt3.gmail-smtp-in.l.google.com,alt1.gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com,gmail-smtp-in.l.google.com); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=9fans.net; h= mime-version:references:in-reply-to:from:date:message-id:subject :to:content-type:list-help:list-id:list-post:list-subscribe :reply-to:content-transfer-encoding:list-unsubscribe; s=dkim-1; t=1715604718; x=1715691118; bh=Y1DQyx3W+IT8yTyRYc8DKaPdDckNaVBU HAZoluBWSqY=; b=iE01ndJQY4bjsuBS6nitSK0xENRxY3GOXiv9R1FeVhOnSGPf QaR7K/3mk4cxyhmVe3FSkkGZmPeY6JmJrYdzKDBpXyMYrn8SVF6XeO2AfWHQDotk 3Dl7k2Oyx+yCGXi+558qo+HejqA5aP18oU23vMj/BZ3GCI3AwPaa5abnMPo= Received: from tb-mx1.topicbox.com (localhost.local [127.0.0.1]) by tb-mx1.topicbox.com (Postfix) with ESMTP id 2436B1447DE0 for <9fans@9fans.net>; Mon, 13 May 2024 08:51:48 -0400 (EDT) (envelope-from charles.forsyth@gmail.com) Received: from tb-mx1.topicbox.com (localhost [127.0.0.1]) by tb-mx1.topicbox.com (Authentication Milter) with ESMTP id D020D788BF0; Mon, 13 May 2024 08:51:48 -0400 ARC-Seal: i=1; a=rsa-sha256; cv=none; d=topicbox.com; s=arcseal; t= 1715604708; b=Hf1HMhB/hZjgDE6f4NCW6mnkVgBh26wjWhe9cQfg0TkUn2m5fk N5rvgOMVS/4BVpG8cf98Esic2OSKfSiiX9ovfsHQ+Zhrxk02lLhddxIMzEQ5HDEq noumnvUQCNFoT7V9/tYZwgn1+AmMzpNOS1bOKKW+QbShIWh5hNVRzDAI2KRJtCYk GtzolGvMwuf7joJo8T90qefNHt+J+rYWQq/BQ8JC8QT5E1q8qk11eNQyvOuSl8Ol KKJ9mkI6KxnNuTNSRJ9ZyRi1QSaDjlov+0pfkiTAAQ7k2xJsp7B7Czci7jDrPARw afXZNxbJL3Q4jfKTVne80f27Af8QNUmTkqTw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d= topicbox.com; h=mime-version:references:in-reply-to:from:date :message-id:subject:to:content-type; s=arcseal; t=1715604708; bh=CGJMHqAQwGsnqvRcHGGex6fUSl8PPX/jwqlMO9bNadA=; b=jfTDsrxEwxnR 03Ug8IVpHI+w5V789eZfjUEIFBrTDdphqgzesap0Bcs+F7ATQiayw2IzxcWlz3vy 9lm9eGORoHfqvaIG5zmGOzc9x5/rEqArJ4T0SwzHw0VZ07sOfhuYUv4SF/IB/8fV b1ycvN7cG2qukm795sn/tAxedmE5AN2oygwI2LWDfx5Mor0Ntw/8oxIxrWm55+ek TZFRg1UNfEuS7xTij2LdLZDMw0olLAebMMf/QXQBBEQnthgfN7Zr5bXXd1gI0boi HoVAmw+8Y5jE8jhY+mXpasYFfAp++MFNZxOevQjzjCHiCTzvQuA9hflmIjN9WFbW GSYVmau/Iw== ARC-Authentication-Results: i=1; tb-mx1.topicbox.com; arc=none (no signatures found); bimi=skipped (DMARC Policy is not at enforcement); dkim=pass (2048-bit rsa key sha256) header.d=gmail.com header.i=@gmail.com header.b=Kv7Lms1i header.a=rsa-sha256 header.s=20230601 x-bits=2048; dmarc=pass policy.published-domain-policy=none policy.published-subdomain-policy=quarantine policy.applied-disposition=none policy.evaluated-disposition=none (p=none,sp=quarantine,d=none,d.eval=none) policy.policy-from=p header.from=gmail.com; iprev=pass smtp.remote-ip=209.85.208.178 (mail-lj1-f178.google.com); spf=pass smtp.mailfrom=charles.forsyth@gmail.com smtp.helo=mail-lj1-f178.google.com; x-aligned-from=pass (Address match); x-google-dkim=pass (2048-bit rsa key) header.d=1e100.net header.i=@1e100.net header.b=KxDP060/; x-me-sender=none; x-ptr=pass smtp.helo=mail-lj1-f178.google.com policy.ptr=mail-lj1-f178.google.com; x-return-mx=pass header.domain=gmail.com policy.is_org=yes (MX Records found: alt3.gmail-smtp-in.l.google.com,alt1.gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com,gmail-smtp-in.l.google.com); x-return-mx=pass smtp.domain=gmail.com policy.is_org=yes (MX Records found: alt3.gmail-smtp-in.l.google.com,alt1.gmail-smtp-in.l.google.com,alt4.gmail-smtp-in.l.google.com,alt2.gmail-smtp-in.l.google.com,gmail-smtp-in.l.google.com); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 X-ME-VSCause: gggruggvucftvghtrhhoucdtuddrgedvledrvdeggedgheejucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpeggfhgjhf ffkffuvfgtsegrtderredttdejnecuhfhrohhmpeevhhgrrhhlvghsucfhohhrshihthhh uceotghhrghrlhgvshdrfhhorhhshihthhesghhmrghilhdrtghomheqnecuggftrfgrth htvghrnhepfeeftefhvefhveetjedthfeifeeiveehjeelvdegvedvgeelgfevtdelgfeg ieeknecuffhomhgrihhnpehtohhpihgtsghogidrtghomhenucfkphepvddtledrkeehrd dvtdekrddujeeknecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehinhgvthep vddtledrkeehrddvtdekrddujeekpdhhvghlohepmhgrihhlqdhljhduqdhfudejkedrgh hoohhglhgvrdgtohhmpdhmrghilhhfrhhomhepoegthhgrrhhlvghsrdhfohhrshihthhh sehgmhgrihhlrdgtohhmqedpnhgspghrtghpthhtohepuddprhgtphhtthhopeeolehfrg hnsheslehfrghnshdrnhgvtheq X-ME-VSScore: 0 X-ME-VSCategory: clean Received-SPF: pass (gmail.com ... _spf.google.com: Sender is authorized to use 'charles.forsyth@gmail.com' in 'mfrom' identity (mechanism 'include:_netblocks.google.com' matched)) receiver=tb-mx1.topicbox.com; identity=mailfrom; envelope-from="charles.forsyth@gmail.com"; helo=mail-lj1-f178.google.com; client-ip=209.85.208.178 Received: from mail-lj1-f178.google.com (mail-lj1-f178.google.com [209.85.208.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by tb-mx1.topicbox.com (Postfix) with ESMTPS for <9fans@9fans.net>; Mon, 13 May 2024 08:51:47 -0400 (EDT) (envelope-from charles.forsyth@gmail.com) Received: by mail-lj1-f178.google.com with SMTP id 38308e7fff4ca-2e1d6166521so44334521fa.1 for <9fans@9fans.net>; Mon, 13 May 2024 05:51:47 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715604706; x=1716209506; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=CGJMHqAQwGsnqvRcHGGex6fUSl8PPX/jwqlMO9bNadA=; b=KxDP060/SsmyVO/KbwpIMF+RdmCNGmQ+n05SiwXMk0YYZrUdI7IBf0iZZuYRtmCHg9 agti8v8KDXodlcw4nL4mjL1xySdHtAJDq7PNPSVHb3wbIfSupzQo+NqPV4UNmNZqUUcP hlZz9uGqyrQxj7RypaagjlXGqgd2SccK08Qx321OgkKdOfyils+0lBOJYEcApePBgzYZ yvKB+aSjE7bxHW00PQqalwyZjsPZKj/6zVmLWd/Xpm3mynWW9ckgOUteo2ku8fafZUWB z07Vb+NoanP0JzxuBJOQ9zYCQ0QTe8up/l22eFDdTTfMw0GwUXB2vj4t/GDTSbWdwmUQ wEEw== X-Gm-Message-State: AOJu0YyXS8/AB0Emv3Wpc9V4Z7aMEww2eauFa+VZEGsqbMGCKfEH/OsT iiEbtE0o8oo4etEIZkC3ySj9GWdNYhlAo5hwJ0XHgqohAw+Lhfx19vKqLRZOtYpZXNCC7oD+jAM 8ENQnDkiW5qZRn1WOzJXJZRmDAY0B2k5h+7w= X-Google-Smtp-Source: AGHT+IEDL5pdFTlrbE9TYlvFU4085x4ksaTieyHamtSIe5d1ttv+nYUskxEatqxmlOqgukElneGcDatchlpXsQAxhg0= X-Received: by 2002:a2e:b178:0:b0:2e1:d257:6437 with SMTP id 38308e7fff4ca-2e4b1791a50mr41691971fa.16.1715604705726; Mon, 13 May 2024 05:51:45 -0700 (PDT) MIME-Version: 1.0 References: <669b03a38d31b5bcf82b602c2485c843@hamnavoe.com> In-Reply-To: <669b03a38d31b5bcf82b602c2485c843@hamnavoe.com> From: Charles Forsyth Date: Mon, 13 May 2024 13:51:34 +0100 Message-ID: Subject: Re: [9fans] one weird trick to break p9sk1 ? To: 9fans <9fans@9fans.net> Content-Type: multipart/alternative; boundary=0000000000000f594a06185559e6 Topicbox-Policy-Reasoning: allow: sender is a member Topicbox-Message-UUID: 92174204-1127-11ef-91b0-c3607637a302 Archived-At: =?UTF-8?B?PGh0dHBzOi8vOWZhbnMudG9waWNib3guY29tL2dyb3Vwcy85?= =?UTF-8?B?ZmFucy9UNTYzOTdlZmY2MjY5YWYyNy1NYTBkNWQwMjRkYjE5ODk4NjFkYzhk?= =?UTF-8?B?OWFhPg==?= List-Help: List-Id: "9fans" <9fans.9fans.net> List-Post: List-Software: Topicbox v0 List-Subscribe: Precedence: list Reply-To: 9fans <9fans@9fans.net> Content-Transfer-Encoding: 7bit List-Unsubscribe: , Topicbox-Delivery-ID: 2:9fans:437d30aa-c441-11e9-8a57-d036212d11b0:522be890-2105-11eb-b15e-8d699134e1fa:Ma0d5d024db1989861dc8d9aa:1:oRzlz28A9PJn5v8DGlihZLfk_TRLapzwWW5WpJhzywk --0000000000000f594a06185559e6 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable > > (OK, I know that's delusional because I've installed go. But maybe > not for much longer, as google seems determined to introduce python3 > as a dependency.) wat!?? On Mon, 13 May 2024 at 13:48, Richard Miller <9fans@hamnavoe.com> wrote: > crossd@gmail.com: > > As for the proposed strawman `p9sk3`, I fail to see what advantage > > that would have over dp9ik >=20 > My point was only about the advantage of p9sk3 over p9sk1, not to > compare it with anything else. The intent was to counter the implication > that p9sk1 is terrible and completely broken, by suggesting that the > threat of brute-forcing the entire keyspace can be mitigated with a > small, local and very easy to understand variation to the ticket service > (with no change to the protocol on-the-wire). Of course it doesn't > mitigate > the problem of users negligently choosing weak passwords. dp9ik has the > extra advantage of doing that too, by removing the opportunity for offline > dictionary attacks. >=20 ------------------------------------------ 9fans: 9fans Permalink: https://9fans.topicbox.com/groups/9fans/T56397eff6269af27-Ma0d5d= 024db1989861dc8d9aa Delivery options: https://9fans.topicbox.com/groups/9fans/subscription --0000000000000f594a06185559e6 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
(OK, I know that's delusional beca= use I've installed go. But maybe
not for much longer, as google seems determined to introduce python3=
as a dependency.)

wat!?? 

On Mon, 13 May 2024 at 13= :48, Richard Miller <9fans@hamnavo= e.com> wrote:
crossd@gmail.c= om:
> As for the proposed strawman `p9sk3`, I fail to see what advantage
> that would have over dp9ik

My point was only about the advantage of p9sk3 over p9sk1, not to
compare it with anything else. The intent was to counter the implication that p9sk1 is terrible and completely broken, by suggesting that the
threat of brute-forcing the entire keyspace can be mitigated with a
small, local and very easy to understand variation to the ticket service (with no change to the protocol on-the-wire).  Of course it doesn'= t mitigate
the problem of users negligently choosing weak passwords.  dp9ik has t= he
extra advantage of doing that too, by removing the opportunity for offline<= br /> dictionary attacks.


------------------------------------------
9fans: 9fans
Permalink: https:= //9fans.topicbox.com/groups/9fans/T56397eff6269af27-M86b283cc4c651efabdf9c3= da
Delivery options: https://9fans.topicbox.com/gro= ups/9fans/subscription
= --0000000000000f594a06185559e6--