The IESG has approved the following document: - 'Adding Support for Salted Password Databases to EAP-pwd' (draft-harkins-salted-eap-pwd-08.txt) as Informational RFC This document has been reviewed in the IETF but is not the product of an IETF Working Group. The IESG contact person is Kathleen Moriarty. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-harkins-salted-eap-pwd/ Technical Summary EAP-pwd is an EAP method that uses a shared password for authentication using a technique that is resistant to dictionary attack. It included support for raw keys and RFC2751-style double hashing of a password but did not include support for salted passwords. There are many existing databases of salted passwords and it is desirable to allow their use with EAP-pwd. Working Group Summary This is an individual draft that was reviewed on a few mailing lists. Reviews were sparse, so I reached out to several reviewers with expertise in the technologies used. The feedback was discussed and incorporated into the draft prior to the IETF last call. Document Quality There are implementations of the EAP-pwd base specification for several operating systems (Windows, Linux, Android), originating from one vendor (Aruba Networks / HP Enterprise). The same vendor (and in fact author of the spec) also has running code for this new draft. This code is unpublished due to the lack of code points. When this draft gets published as RFC with the corresponding IANA actions, it can be expected that the implementation will be out soon after. Personnel The Document Shepherd is Stefan Winter <stefan.winter@restena.lu>. The responsible Area Director is Kathleen Moriarty (kathleen.moriarty.ietf@gmail.com) IANA Note This draft adds eight values to the "password preprocessing method registry" established by [RFC5931].
