Collaborate Disseminate
I am having a Handshake session of PSK_only mode in TLS1.3 , where I use PSK’s established out of band.
consider, client Hello is sent with the extensions of supported_versions, PreSharedKey, psk_key_exchange_modes
Q1)If server sends a Hel… Continue reading In TLS1.3 can the client hello have the extensions which were not sent as part of HelloRetryRequest
I am doing testing with some ethernet device, for which I use an own TLS implementation (using OpenSSL for the actual cryptographic functions). There are pre shared keys used. When I am connecting to the device using the cipher suite TLS_P… Continue reading Anlyzing PSK-TLS handshake (Handshake Finished record) in Wireshark
I’m looking for a standard solution to the following problem. I’ve been unable to find how something like this is normally accomplished. Even a key word that points me in the right direction would be helpful at this point.
Imagine two devi… Continue reading Authenticating a device for remote motor control
In the context of TLS 1.3 session resumption, how is the pre-shared key derived? Section 7 of RFC 8446 says the the PSK is derived from the "derived from the resumption_master_secret value from a previous connection" using this f… Continue reading How is the TLS PSK derived? [closed]
TLS 1.2 session tickets are encrypted by the server with the session ticket encryption key (STEK). This key is shared with all the servers doing TLS termination. The session ticket contains all the information the server needs to resume th… Continue reading TLS session ticket vs pre-shared key state management
All you want is a decent night’s sleep, so you decide to invest in one of those fancy adjustable beds. At first, it’s fine — being able to adjust the …read more Continue reading Reverse Engineering a Better Night’s Sleep
Pre-Shared Key (PSK) with simple symmetric encryption is a popular way of solving both client and server authentication when SSL cannot be used for some reason (for example, can’t trust or deal with certificate management, or even SSL not … Continue reading How to build a PSK website
EAP-TLS with TLS 1.3 is standardized in RFC 9190. Section 2.1.1 specifies Authentication. The RFC states that PSK authentication shall not be used except for resumption. This is surprising, because TLS 1.3 allows authentication with PSK (a… Continue reading Why does EAP-TLS 1.3 not allow for PSK authentication?
TLS 1.3 removes the use of non-ephemeral Diffie-Hellman, which is great! But it still allows PSK.
I’m not as familiar with PSK configuration but wouldn’t that mean TLS 1.3 still is allowing the use of some form of non-ephemeral?
Or is ther… Continue reading I don’t understand TLS 1.3 allowing PSK
I was looking for ways to make Wi-Fi that uses WPA2-Personal/WPA-PSK secure, and I stumbled in this answer (the second one, from Terrence Koeman):
WPA2-PSK (aka WPA2 Personal) basically does the same thing as WPA2-Enterprise from the clie… Continue reading Is there a point in randomizing my WPA2-Personal SSID (meaning, set a random string in place of the SSID)?