Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

state what salt does #417

Closed
bc-pi opened this issue Mar 20, 2024 · 4 comments · Fixed by #421
Closed

state what salt does #417

bc-pi opened this issue Mar 20, 2024 · 4 comments · Fixed by #421

Comments

@bc-pi
Copy link
Collaborator

bc-pi commented Mar 20, 2024
edited

question from an email,

... rookie question on your draft for SD-JWT. What is the use case of the salt, and how does it help to hide the claim values?

my response:

I was going to point you to some text in the draft that explains it but unfortunately couldn't find such text. That's maybe something that should be fixed. Sections 10.3 - 10.5 kinda say something about it but the reason is mostly just implied. Basically the salt makes it computationally infeasible to enumerate a potential value space for a claim name/value into the hash function to try and find the matching hash value. Thereby making impossible brute force style attempts to 'reverse' a hash value by hashing all reasonable input values to try and find a match to the hash value. If that makes any sense? To put it another way (which may or may not be helpful), the salt makes it computationally infeasible to guess the preimage of the digest.

The exchange makes me think a brief mention/explanation what salt does/provides in the SD-JWT context would be a worthwhile addition. Maybe just add or modify a sentence or two in sec 10.3. And/or something in https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-08.html#section-5.2.1-2.1.2.1 where the salt value in the Disclosure is introduced/described.
@larryzhu2018
Copy link

larryzhu2018 commented Mar 20, 2024
edited

Hi Brian, just check for understanding: does the issuer send the clear text values of the disclosed claims to the holder and verifier or does the issuer only send the salted hashes?

       +------------+
       |            |
       |   Issuer   |
       |            |
       +------------+
             |
        Issues SD-JWT
  including all Disclosures
             |
             v
       +------------+
       |            |
       |   Holder   |
       |            |
       +------------+
             |
       Presents SD-JWT
including selected Disclosures
             |
             v
       +-------------+
       |             |+
       |  Verifiers  ||+
       |             |||
       +-------------+||
        +-------------+|
         +-------------+

@bc-pi
Copy link
Collaborator Author

bc-pi commented Mar 20, 2024

I'm sorry but I don't quite understand the question or how it relates to the small change I'm suggesting in this issue.

@selfissued
Copy link
Collaborator

FYI, I was asked what the salt does by an IETF attendee yesterday. I support explaining this in the draft.

@bc-pi bc-pi linked a pull request Mar 24, 2024 that will close this issue
better explain what salt does #421
Merged
@bc-pi
Copy link
Collaborator Author

bc-pi commented Mar 24, 2024

PR #421 has some proposed text

@bc-pi bc-pi closed this as completed in #421 Apr 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

better explain what salt does oauth-wg/oauth-selective-disclosure-jwt
3 participants
@selfissued @larryzhu2018 @bc-pi