Re: [wakaama-dev] Security Fix: PSK Keys Might Be Truncated

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [wakaama-dev] Security Fix: PSK Keys Might Be Truncated

From: Frank Gerlach <Frank_Gerlach@xxxxxxxx>
Date: Wed, 27 Apr 2016 12:31:17 +0000
Accept-language: en-US
Delivered-to: wakaama-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/wakaama-dev>
List-help: <mailto:wakaama-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/wakaama-dev>, <mailto:wakaama-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/wakaama-dev>, <mailto:wakaama-dev-request@eclipse.org?subject=unsubscribe>
Thread-index: AdGggBeiqnSoMWynTGatN6mKbQ7s4w==
Thread-topic: Re:Security Fix: PSK Keys Might Be Truncated

> The psk string is always nil-terminated as it is initialized to 0
1.) That is an implementation detail of Linux. It might not be true for other platforms, including POSIX-type plaforms

2.) With a likelihood of 6% (16*1/256), a proper 128 bit key will be truncated. If the opposite side uses the same code, this will "silently" generate a weaker key. It will be dramatically weaker, the earlier the 0 appears.

I still think it should be fixed as a matter of principle.

Prev by Date: Re: [wakaama-dev] Potential Scalability Issues in Wakaama (linked lists)
Next by Date: [wakaama-dev] LWM2M in RIOT-OS with Eclipse Wakaama
Previous by thread: Re: [wakaama-dev] Security Fix: PSK Keys Might Be Truncated
Next by thread: Re: [wakaama-dev] Leshan and Wakaama over DTLS / Thanks
Index(es):
- Date
- Thread

Breadcrumbs