Re: [TLS] draft-ietf-tls-tls13-26 is vulnerable to externally set PSK identity enumeration

Hubert Kario <hkario@redhat.com> Tue, 13 March 2018 17:44 UTC

From: Hubert Kario <hkario@redhat.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: TLS WG <tls@ietf.org>, iesg@ietf.org
Date: Tue, 13 Mar 2018 18:44:39 +0100
Message-ID: <3060420.fu6fxUo7fv@pintsize.usersys.redhat.com>
In-Reply-To: <20180313151848.GA26250@LK-Perkele-VII>
References: <6112806.hxzZ6NivhB@pintsize.usersys.redhat.com> <20180313151848.GA26250@LK-Perkele-VII>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/sKnVsFi3MZOKVzpLP5s1H1-ajo0>

On Tuesday, 13 March 2018 16:18:48 CET Ilari Liusvaara wrote:
> On Mon, Mar 12, 2018 at 04:27:46PM +0100, Hubert Kario wrote:
> > When the server supports externally set PSKs that use human readable
> > identities (or, in general, guessable identities), the current text makes
> > it trivial to perform enumeration attack.
> 
> What would be impact of such enumeration attack? It seems to me that
> not disclosing identities is to make weak passwords more difficult to
> attack, but here there are no weak passwords.

the usernames themselves can be confidential information

behaviour like that was considered a vulnerability before, irrespective of 
robustness of passwords:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5229

> Note that:
> 
> - There is no protection for the PSK identity, so putting anything
>   sensitive in it is a bad idea.

the server can be accessible both through the Internet and through encrypted
connections (e.g. IPsec), and while exposing identities may not lead to an
exploit, it very likely will make social engineering easier; it is information
disclosure one way or the other

> - Passive attack gives attacker not only a valid PSK identity, but
>   enough information to mount high-speed offline cracking attack on the
>   PSK secret. Only one captured key exchange is needed, and (EC)DHE
>   does not help.

that does require you to be on-route of a connection and to capture it, that's 
much harder to do than firing up a simple script against any given server with 
PSK enabled.

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic
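
Added example, not part of the original message and not taken from any TLS implementation: a sketch of how a PSK-only server can return the same result for an unknown identity as for a known identity with a wrong binder, so the response does not confirm which identities exist. It assumes the enumeration signal is a difference between those two cases; PSK_TABLE, DECOY_SECRET, GENERIC_FAILURE and the simplified binder_for are hypothetical names, and the sample identities are constructed.

```python
import hashlib
import hmac
import os

# Constructed sample data: external PSKs keyed by human-readable identity.
PSK_TABLE = {b"alice@example.com": bytes.fromhex("11" * 32)}
# Per-process random secret for deriving stand-in keys for unknown identities
# (hypothetical name, an assumption of this sketch).
DECOY_SECRET = os.urandom(32)
GENERIC_FAILURE = "handshake_failure"  # the single failure outcome callers see


def binder_for(psk: bytes, transcript_hash: bytes) -> bytes:
    """Simplified stand-in for the TLS 1.3 PSK binder. The real computation
    runs the PSK through the HKDF key schedule before the HMAC."""
    return hmac.new(psk, transcript_hash, hashlib.sha256).digest()


def select_psk(identity: bytes, binder: bytes, transcript_hash: bytes):
    """Return (psk, None) on success, (None, GENERIC_FAILURE) otherwise.

    Unknown identities follow the same path as known ones: a decoy key is
    always derived, the binder is compared in constant time, and one failure
    value is returned regardless of which check failed.
    """
    known = PSK_TABLE.get(identity)
    decoy = hmac.new(DECOY_SECRET, identity, hashlib.sha256).digest()
    key = known if known is not None else decoy
    binder_ok = hmac.compare_digest(binder_for(key, transcript_hash), binder)
    if known is not None and binder_ok:
        return known, None
    return None, GENERIC_FAILURE


def demo():
    """Run a valid, a wrong-binder and an unknown-identity attempt."""
    th = hashlib.sha256(b"constructed ClientHello bytes").digest()
    good = binder_for(PSK_TABLE[b"alice@example.com"], th)
    return [
        select_psk(b"alice@example.com", good, th),
        select_psk(b"alice@example.com", b"\x00" * 32, th),
        select_psk(b"mallory@example.com", b"\x00" * 32, th),
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

This covers only a server that offers no non-PSK handshake to fall back to; the failure must also look the same on the wire (same alert, same timing) for the two cases to stay indistinguishable.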