[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Safety of pre-shared keys? (Re: Reliable delete notifies)
What you say is true. It means that with preshared key you have
a scalability problem.
And this is why public-key cryptography and certificates
are so great. I am all for it.
Still this does not mean that pre-shared keys (and pre-shared mode)
are inherently insecure as some of the msgs to this list seem to imply.
Well managed pre-shared keys (and this is only possible in relatively
small scale) may be better than wrongly-managed certificates (as in
today's SSL reality)
Hugo
On Tue, 24 Oct 2000, Chris Trobridge wrote:
> Isn't the biggest difference that whilst you need to ensure that the peer
> receives the correct self-signed public key out-of-band (authenticity
> requirement), if a secret key is used then there is an additional
> confidentiality requirement.
>
> A self-signed certicate also includes an implicit integrity check which is
> also important.
>
> This all means that handling of self-signed certificates is much less
> onerous than pre-shared secert keys.
>
> Chris
>
> > Note that the vulnerabilities of pre-shared key that you refer to
> > only apply to the case of a WEAK KEY (such as a password-derived key).
> > It says nothing about the security of the pre-shared mode (main
> > or agressive) when using a strong key.
> > In such a case there is no security problem!
> > (There is always a security problem if you do not choose your keys
> > correctly or you do not know how to manage them securely).
> >
> > In any case preshared mode (main or aggressive) was NOT designed to be
> > used with passwords. A password-based protocol needs a
> > specialized design
> > (either a new mode for IKE or the proposals of ipsra).
> >
> > Hugo
>
Follow-Ups:
References: