On Mon, Mar 12, 2018 at 04:27:46PM +0100, Hubert Kario wrote:
> When the server supports externally set PSKs that use human readable
> identities (or, in general, guessable identities), the current text makes it
> trivial to perform an enumeration attack.
What would be the impact of such an enumeration attack? It seems to me that not disclosing identities is to make weak passwords more difficult to attack, but here there are no weak passwords.

Note that:

- There is no protection for the PSK identity, so putting anything sensitive in it is a bad idea.
- The identity cannot be used without the associated secret, which needs to withstand serious offline cracking attempts anyway.
- A passive attack gives the attacker not only a valid PSK identity, but enough information to mount a high-speed offline cracking attack on the PSK secret. Only one captured key exchange is needed, and (EC)DHE does not help.

The last point is why PSK secrets need to have enough entropy to resist high-speed offline cracking.

-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls