On Tuesday, 13 March 2018 16:18:48 CET Ilari Liusvaara wrote: > On Mon, Mar 12, 2018 at 04:27:46PM +0100, Hubert Kario wrote: > > When the server supports externally set PSKs that use human readable > > identities (or, in general, guessable identities), the current text makes > > it trivial to perform enumeration attack. > > What would be impact of such enumeration attack? It seems to me that > not disclosing identities is to make weak passwords more difficult to > attack, but here there are no weak passwords.
the usernames themselves can be confidential information behaviour like that was considered a vulnerability before, irrespective of robustness of passwords: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0190 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5229 > Note that: > > - There is no protection for the PSK identity, so putting anything > sensitive in it is a bad idea. the server can be accessible both through Internet and through encrypted connections (e.g. IPsec), and while it exposing identities may not lead to an exploit, it very likely will make social engineering easier; it is information disclosure one way or the other > - Passive attack gives attacker not only a valid PSK identity, but > enough information to mount high-speed offline cracking attack on the > PSK secret. Only one captured key exchange is needed, and (EC)DHE > does not help. that does require you to be on-route of a connection and to capture it, that's much harder to do than firing up a simple script against any given server with PSK enabled. -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
Description: This is a digitally signed message part.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls