Re: [wakaama-dev] Security Fix: PSK Keys Might Be Truncated

> The psk string is always nil-terminated as it is initialized to 0
1.) That is an implementation detail of Linux. It might not be true for other platforms, including POSIX-type platforms

2.) With a likelihood of 6% (16*1/256), a proper 128 bit key will be truncated. If the opposite side uses the same code, this will "silently" generate a weaker key. It will be dramatically weaker, the earlier the 0 appears.

I still think it should be fixed as a matter of principle. 
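The truncation discussed in this message, as an added example that is not part of the original e-mail and is not Wakaama's code: a binary key measured with string semantics stops at its first zero byte, while a key handled with an explicit length does not. The function names and the sample key are hypothetical and constructed for illustration; `p_contains_zero` computes the exact chance (about 6.07% for 16 bytes) that a uniformly random key contains a zero byte.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PSK_LEN 16 /* 128-bit key */

/* Constructed sample key with a 0x00 at index 3. The extra trailing zero
 * mimics the zero-initialised buffer mentioned in the thread. */
static const uint8_t SAMPLE_KEY[PSK_LEN + 1] = {
    0xA7, 0x3C, 0x91, 0x00, 0x5E, 0xD2, 0x18, 0x6B,
    0xF4, 0x09, 0xC3, 0x77, 0x2A, 0xE1, 0x8D, 0x46, 0x00
};

/* Flawed pattern: length derived from the key's content, so it stops at
 * the first zero byte. */
size_t psk_len_as_string(const uint8_t *key)
{
    return strlen((const char *)key);
}

/* Hardened pattern: the caller states the length and zero bytes are
 * ordinary data. Returns bytes copied, or 0 if dst is too small. */
size_t psk_copy(uint8_t *dst, size_t dst_cap, const uint8_t *src, size_t src_len)
{
    if (src_len > dst_cap)
        return 0; /* refuse rather than truncate silently */
    memcpy(dst, src, src_len);
    return src_len;
}

/* Exact chance that a uniformly random key of key_len bytes contains at
 * least one zero byte: 1 - (255/256)^key_len. */
double p_contains_zero(size_t key_len)
{
    double p_none = 1.0;
    for (size_t i = 0; i < key_len; i++)
        p_none *= 255.0 / 256.0;
    return 1.0 - p_none;
}

int main(void)
{
    uint8_t out[PSK_LEN];
    printf("string length:   %zu bytes\n", psk_len_as_string(SAMPLE_KEY));
    printf("explicit length: %zu bytes\n",
           psk_copy(out, sizeof out, SAMPLE_KEY, PSK_LEN));
    printf("P(zero byte in 16-byte key) = %.4f\n", p_contains_zero(PSK_LEN));
    return 0;
}
```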



