Another entry in the internet security hall of shame....

Damien Miller djm at
Thu Sep 1 19:59:53 EDT 2005

On Tue, 30 Aug 2005, Peter Gutmann wrote:

> - A non-spoofable means of password entry that only applies for TLS-PSK
>  passwords.  In other words, something where a fake site can't trick the user
>  into revealing a TLS-PSK key.

This sounds like a solution replete with all the problems that passwords 
have had all along: users choosing bad ones, using the same ones for 
different sites, never changing them, servers getting hacked (disclosing 
the probably-shared passwords of thousands of users), etc. ad nauseum...

The last threat is particularly pertainent because it appears there is a 
requirement for servers to retain the PSK in cleartext. (To be fair, the 
draft does RECOMMENDED that implementations provide a way to generate 
random PSKs, but this has been recommeded for passwords in general for 
decades, to little effect.)

Given the complete lack of good password management practice in the vast 
majority of websites, what will make them start doing things right with 

Maybe some of this could be solved with a good UI in the web browser (e.g. 
by treating the PSK as a key rather than a password), but arm-waving about 
UI refinements applies to improving certificate handling too.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list