W3C home > Mailing lists > Public > public-webscreens@w3.org > September 2019

Re: [openscreenprotocol] Add psk-min-bits-of-entropy (#208)

From: nigelcearnshaw via GitHub <sysbot+gh@w3.org>
Date: Fri, 06 Sep 2019 16:55:25 +0000
To: public-webscreens@w3.org
Message-ID: <issue_comment.created-528931221-1567788924-sysbot+gh@w3.org>
Related: Do we assume that n bits of entropy is always conveyed in a PSK of n bits. Probably fair, but it does mean we are always exercising the number range 0-2^n -1 when strictly speaking we don't care where the entropy bits are in the wider number space. There are after all  something of the order of 2^240 elements available in a 25519 curve. If some presenter devices add non random bits to the PSK, perhaps because of a fixed salt value, or a brand mark, or the time of day - all non random - they would actually be potentially exercising a different random set of 2^n elements from within the full set of 2^240 odd.

I agree that a bit field length of less than n is definitely a downgrade attack, but a downgrade attack might be concealed if an honest presenter was augmenting the n bits of entropy with other non random fields and presenting a PSK of n random +more non random bits

Should we specify entropy n = PSK bit field length or remain silent, potentially undermining this test.
Maybe allowing larger total bit field lengths causes performance issues?

-- 
GitHub Notification of comment by nigelcearnshaw
Please view or discuss this issue at https://github.com/webscreens/openscreenprotocol/pull/208#issuecomment-528931221 using your GitHub account
Received on Friday, 6 September 2019 16:55:27 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:23:19 UTC