W3C home > Mailing lists > Public > public-webscreens@w3.org > September 2019

Re: [openscreenprotocol] Add psk-min-bits-of-entropy (#208)

From: nigelcearnshaw via GitHub <sysbot+gh@w3.org>
Date: Fri, 06 Sep 2019 16:55:25 +0000
To: public-webscreens@w3.org
Message-ID: <issue_comment.created-528931221-1567788924-sysbot+gh@w3.org>
Related: Do we assume that n bits of entropy is always conveyed in a PSK of n bits. Probably fair, but it does mean we are always exercising the number range 0-2^n -1 when strictly speaking we don't care where the entropy bits are in the wider number space. There are after all  something of the order of 2^240 elements available in a 25519 curve. If some presenter devices add non random bits to the PSK, perhaps because of a fixed salt value, or a brand mark, or the time of day - all non random - they would actually be potentially exercising a different random set of 2^n elements from within the full set of 2^240 odd.

I agree that a bit field length of less than n is definitely a downgrade attack, but a downgrade attack might be concealed if an honest presenter was augmenting the n bits of entropy with other non random fields and presenting a PSK of n random +more non random bits

Should we specify entropy n = PSK bit field length or remain silent, potentially undermining this test.
Maybe allowing larger total bit field lengths causes performance issues?

GitHub Notification of comment by nigelcearnshaw
Please view or discuss this issue at https://github.com/webscreens/openscreenprotocol/pull/208#issuecomment-528931221 using your GitHub account
Received on Friday, 6 September 2019 16:55:27 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:23:19 UTC