- From: nigelcearnshaw via GitHub <sysbot+gh@w3.org>
- Date: Fri, 06 Sep 2019 16:55:25 +0000
- To: public-webscreens@w3.org
Related: Do we assume that n bits of entropy is always conveyed in a PSK of n bits. Probably fair, but it does mean we are always exercising the number range 0-2^n -1 when strictly speaking we don't care where the entropy bits are in the wider number space. There are after all something of the order of 2^240 elements available in a 25519 curve. If some presenter devices add non random bits to the PSK, perhaps because of a fixed salt value, or a brand mark, or the time of day - all non random - they would actually be potentially exercising a different random set of 2^n elements from within the full set of 2^240 odd. I agree that a bit field length of less than n is definitely a downgrade attack, but a downgrade attack might be concealed if an honest presenter was augmenting the n bits of entropy with other non random fields and presenting a PSK of n random +more non random bits Should we specify entropy n = PSK bit field length or remain silent, potentially undermining this test. Maybe allowing larger total bit field lengths causes performance issues? -- GitHub Notification of comment by nigelcearnshaw Please view or discuss this issue at https://github.com/webscreens/openscreenprotocol/pull/208#issuecomment-528931221 using your GitHub account
Received on Friday, 6 September 2019 16:55:27 UTC