usnistgov / 800-63-3

Home to public development of NIST Special Publication 800-63-3: Digital Authentication Guidelines

Home Page:https://pages.nist.gov/800-63-3/


Out-of-Band Authenticators: Required Entropy For Authentication Secrets

mitchellhenke opened this issue · comments

Hello!

This might be a normative change as I understand it, though I may be incorrect. I would like to see further clarification and potentially an adjustment in the required entropy for out-of-band authentication secrets. Section 5.1.3 in 800-63B on out-of-band devices states that:

The verifier SHALL generate random authentication secrets with at least 20 bits of entropy

Many implementations of out-of-band authenticators generate a random 6-digit code, which falls just short of the required entropy.

$$ \log_2(10^6) \approx 19.9315685693 $$

I was searching for related issues and found an older comment from Jim Fenton on 6-digit PINs stating that it would be "approximately 20 bits".

Section 5.1.5.1 also mentions:

The authenticator output MAY be truncated to as few as 6 decimal digits (approximately 20 bits of entropy)

It seems like strict compliance with section 5.1.3 would require increasing to 7 decimal digits to ensure that there is at least 20 bits of entropy.

With broad adoption of 6-digit codes for out-of-band authentication and other references in 800-63 to 6 digits being approximately 20 bits, would it be feasible to require only 19.9 bits of entropy for authentication secrets rather than the current 20, or to explicitly state that approximately 20 bits are required?

Thank you in advance 🙂
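To make the arithmetic in the post concrete, here is an added example (not code from the 800-63-3 repository or from the issue author) that computes the entropy of an n-digit code, finds the smallest code length that meets a bit target, generates a code from the CSPRNG, and implements RFC 4226 HOTP so the 6- versus 7-digit truncation mentioned in 5.1.5.1 can be seen on the standard test vector. The `range_entropy_bits` helper is included to show a common implementation mistake that the thread does not discuss: drawing from `randint(100000, 999999)` to avoid leading zeros shrinks the space to 900,000 values. The RFC 4226 Appendix D key (`"12345678901234567890"`) is a published test secret, not a real one.

```python
"""Entropy of numeric OOB/OTP codes, and HOTP truncation to n digits.

Added example for this thread; not code from the 800-63-3 repository.
"""
import hashlib
import hmac
import math
import secrets


def code_entropy_bits(digits: int, base: int = 10) -> float:
    """Entropy (bits) of a code chosen uniformly from all `digits`-symbol strings over `base` symbols."""
    return digits * math.log2(base)


def range_entropy_bits(lo: int, hi: int) -> float:
    """Entropy (bits) of an integer chosen uniformly from the inclusive range [lo, hi].

    randint(100000, 999999), a common way to "avoid leading zeros", leaves only
    900,000 values and therefore less entropy than a zero-padded 6-digit code.
    """
    return math.log2(hi - lo + 1)


def min_digits_for_bits(bits: float, base: int = 10) -> int:
    """Smallest code length whose uniform entropy is at least `bits`."""
    return math.ceil(bits / math.log2(base))


def generate_code(digits: int) -> str:
    """Uniform random decimal code from the CSPRNG, zero-padded so leading zeros are kept."""
    return f"{secrets.randbelow(10 ** digits):0{digits}d}"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1, dynamic truncation to a 31-bit value, then modulo 10**digits."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{truncated % 10 ** digits:0{digits}d}"


if __name__ == "__main__":
    for d in (6, 7):
        print(f"{d} digits: {code_entropy_bits(d):.4f} bits")
    print("digits needed for 20 bits:", min_digits_for_bits(20))
    print(f"randint(100000, 999999): {range_entropy_bits(100000, 999999):.4f} bits")
    print("fresh 6-digit code:", generate_code(6))
    # RFC 4226 Appendix D test secret (ASCII "12345678901234567890"); published, not a real key
    key = b"12345678901234567890"
    print("HOTP counter 0: 6 digits", hotp(key, 0), "/ 7 digits", hotp(key, 0, 7))
```

`min_digits_for_bits(20)` returns 7 and `min_digits_for_bits(19.9)` returns 6, which is exactly the gap the post describes. Note that HOTP's truncated value is 31 bits reduced modulo 10^6, so its output is only approximately uniform over the 6-digit space; the deviation is negligible, but it is another reason the "approximately 20 bits" wording fits better than a hard threshold.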

The omission of the word "approximately" in SP 800-63B Section 5.1.2.1 and 5.1.3.2 should not be considered intentional as compared with the language in 5.1.4.1 and 5.1.5.1. We consider the use of 19.93... bits of entropy to not be a significant deviation from the requirement and it should not cause a compliance issue.

Thank you greatly for the quick response and clarification!

If possible, I think making that explicit in the specification would be awesome and very helpful. Some compliance audits against the spec can be relatively strict to the letter (rather than the intent), and slight deviations are enough to be a snag. If there's anything at all I can do to assist with drafting the change or otherwise, please do let me know 🙂