[Owasp-leaders] Contact with expertise in message

Brad Causey bradcausey at owasp.org
Wed May 24 19:27:09 UTC 2017

Hey folks,

I met someone at an appsec conference recently who was asking if the folks
at OWASP would be able to help her design some technology.

Below is a synopsis. If there is anyone around that would be a good
resource for them, please let me put you in contact with them.

This is a little outside my wheelhouse.



I am trying to setup/understand TLS on a closed network and I have read up
on TLS-PSK but I don’t really understand where the pre-shared key comes in.

We are trying to apply message integrity and message authentication to our
communications. I mostly understand HMAC but for authentication we would
prefer not to use certificates but I had a thought of pre-sharing a
symmetric key that could be used either in conjunction with the random
number to create the session ID or used to create the HMAC. This key would
be used to show authentication that only authentication users will have
this key and be able to either decipher the HMAC or create the session ID.


-Brad Causey

"Si vis pacem, para bellum"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20170524/83d52872/attachment.html>

More information about the OWASP-Leaders mailing list