Re: [TLS] PSK in 1.3?

"Dan Harkins" <dharkins@lounge.org> Tue, 24 February 2015 00:06 UTC

Return-Path: <dharkins@lounge.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D436A1A1A80 for <tls@ietfa.amsl.com>; Mon, 23 Feb 2015 16:06:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.867
X-Spam-Level:
X-Spam-Status: No, score=-3.867 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NnfHk3q8bV5i for <tls@ietfa.amsl.com>; Mon, 23 Feb 2015 16:06:52 -0800 (PST)
Received: from colo.trepanning.net (colo.trepanning.net [69.55.226.174]) by ietfa.amsl.com (Postfix) with ESMTP id D1A761A1A79 for <tls@ietf.org>; Mon, 23 Feb 2015 16:06:52 -0800 (PST)
Received: from www.trepanning.net (localhost [127.0.0.1]) by colo.trepanning.net (Postfix) with ESMTP id 2D36F10224008; Mon, 23 Feb 2015 16:06:52 -0800 (PST)
Received: from 69.12.173.8 (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Mon, 23 Feb 2015 16:06:52 -0800 (PST)
Message-ID: <ab84dca54551eee2f845f6fb0274d6c1.squirrel@www.trepanning.net>
In-Reply-To: <AA125A16-FD73-42C2-B196-89FFC6E9ED92@pahtak.org>
References: <544384C7.9030002@polarssl.org> <78795A6D-3DFA-41C6-A380-C63DDF4C0285@gmail.com> <5443BF11.3090505@polarssl.org> <1D875BD8-2727-4895-842A-FC4FAA482E15@gmail.com> <5e587b4474939cad09c12cbf3625dd98.squirrel@www.trepanning.net> <CAO9bm2mQzjiLpMgB-mh-bRca-A2gkTZiBd9c3CsFq4kekBGxUw@mail.gmail.com> <07df9eeefbc1738ea645d72d0afb35b5.squirrel@www.trepanning.net> <mc9gjp$7nv$1@ger.gmane.org> <5f40f09f6b0268a455f281297c971708.squirrel@www.trepanning.net> <AA125A16-FD73-42C2-B196-89FFC6E9ED92@pahtak.org>
Date: Mon, 23 Feb 2015 16:06:52 -0800
From: Dan Harkins <dharkins@lounge.org>
To: Stephen Checkoway <s@pahtak.org>
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/jQ5lULHuoNsC4iTK-2EAalGqadk>
Cc: tls@ietf.org
Subject: Re: [TLS] PSK in 1.3?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Feb 2015 00:06:54 -0000

On Mon, February 23, 2015 12:55 pm, Stephen Checkoway wrote:
>
> On Feb 23, 2015, at 12:34 PM, Dan Harkins <dharkins@lounge.org> wrote:
>
>> On Sat, February 21, 2015 12:45 am, Alex Elsayed wrote:
>>> No, its model is "For shared keys drawn uniformly from {0,1}^n, this is
>>> secure".
>>
>>  No, it's not. If n=8 then the attack is trivial and succeeds almost
>> instantaneously. If n=128 then with high probability a dictionary attack
>> will not be successful. But in neither case is that "secure".
>
> What is your definition of secure then?

  I meant _the protocol_ is not secure in either case. The protocol doesn't
magically become secure because it gets used differently. I gave a
definition in this thread already.

  Dan.