On Tuesday, 13 March 2018 16:18:48 CET Ilari Liusvaara wrote:
> On Mon, Mar 12, 2018 at 04:27:46PM +0100, Hubert Kario wrote:
> > When the server supports externally set PSKs that use human readable
> > identities (or, in general, guessable identities), the current text makes
> > it trivial to perform enumeration attack.
> 
> What would be impact of such enumeration attack? It seems to me that
> not disclosing identities is to make weak passwords more difficult to
> attack, but here there are no weak passwords.

the usernames themselves can be confidential information

behaviour like that was considered a vulnerability before, irrespective of 
robustness of passwords:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5229

> Note that:
> 
> - There is no protection for the PSK identity, so putting anything
>   sensitive in it is a bad idea.

the server can be accessible both through Internet and through encrypted 
connections (e.g. IPsec), and while it exposing identities may not lead to an 
exploit, it very likely will make social engineering easier; it is information 
disclosure one way or the other

> - Passive attack gives attacker not only a valid PSK identity, but
>   enough information to mount high-speed offline cracking attack on the
>   PSK secret. Only one captured key exchange is needed, and (EC)DHE
>   does not help.

that does require you to be on-route of a connection and to capture it, that's 
much harder to do than firing up a simple script against any given server with 
PSK enabled.

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purky┼łova 115, 612 00  Brno, Czech Republic

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls

Reply via email to