[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Safety of pre-shared keys? (Re: Reliable delete notifies)



With a private key, the private key can be generated, used and stored
entirely within a tamper proof enclosure.  The pre-shared secret key can be
treated likewise but must also be exported to peers.  Thus the exposure of
the secret key is greater than the private key.  It can't be any less.
Depending on how secure the transport mechanism is, it could be the weakest
point in the system.

Chris

> Each party still has to protect the secrecy and integrity of
> its own secret key in the signature mode.
> 
> I fail to see any big difference in protecting the secret key
> and the pre-shared key.
> 
> Pau-Chen
> 
> > From owner-ipsec@lists.tislabs.com Tue Oct 24 13:08:30 2000
> > Message-Id: 
> <1FD60AE4DB6CD2118C420008C74C27B854AB6D@hhdata3.cdsemea.baltimore.com>
> > From: Chris Trobridge <CTrobridge@baltimore.com>
> > To: ipsec <ipsec@lists.tislabs.com>
> > Subject: RE: Safety of pre-shared keys? (Re: Reliable 
> delete notifies)
> > Date: Tue, 24 Oct 2000 17:33:18 +0100
> > Mime-Version: 1.0
> > X-Mailer: Internet Mail Service (5.5.2650.21)
> > Content-Type: text/plain;
> 	charset="iso-8859-1"
> > Sender: owner-ipsec@lists.tislabs.com
> > Precedence: bulk
> > Content-Length: 1095
> > Status: RO
> > 
> > Isn't the biggest difference that whilst you need to ensure 
> that the peer
> > receives the correct self-signed public key out-of-band 
> (authenticity
> > requirement), if a secret key is used then there is an additional
> > confidentiality requirement.
> > 
> > A self-signed certicate also includes an implicit integrity 
> check which is
> > also important.
> > 
> > This all means that handling of self-signed certificates is 
> much less
> > onerous than pre-shared secert keys.
> > 
> > Chris
> > 
> > > Note that the vulnerabilities of pre-shared key that you refer to
> > > only apply to the case of a WEAK KEY (such as a 
> password-derived key).
> > > It says nothing about the security of the pre-shared mode (main
> > > or agressive) when using a strong key.
> > > In such a case there is no security problem!
> > > (There is always a security problem if you do not choose your keys
> > > correctly or you do not know how to manage them securely).
> > > 
> > > In any case preshared mode (main or aggressive) was NOT 
> designed to be
> > > used with passwords. A password-based protocol needs a 
> > > specialized design
> > > (either a new mode for IKE or the proposals of ipsra).
> > > 
> > > Hugo
> > 
>