[noise] New revision: "noh2" branch, revision 3
Trevor Perrin
trevp at trevp.net
Tue Sep 1 09:43:21 PDT 2015
On Tue, Sep 1, 2015 at 7:30 AM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
>
> - "KDF(kdf_key, input): Takes a kdf_key of 256 bits and some input data and
> returns a new value for the cipher key `k`. "
> It's not really useful here to name the return value. Could be shortened to
> "..and returns a new value for a cipher key."
Fixed.
> - "HMAC-SHA2-256 is an example KDF." "SHA2-256 is an example hash function."
> Are the examples still relevant, since the cipher suite section below
> specifies them too? The latter is missing ` ` by the way.
Left examples in, they help clarify - fixed typo.
> - "Decrypt(ciphertext): Calls DECRYPT(k, n, h, ciphertext) to get a
> plaintext, then increments n and returns the plaintext. If an authentication
> failure occurs all variables are set to zeros and the error is signalled to
> the caller."
> signalled -> signaled
Fixed.
> Which variables are set to zero? The local k, n, h, and ciphertext that are
> on DECRYPT's stack? The k, n, and h that belongs to the present CipherState
> object? If the latter, thats a bad DoS. If the former, I don't know if it
> makes sense to include implementation details like that; hopefully
> implementors are already zeroing their stacks appropriately.
Cleaned up, removed these details.
> - "For "dhxy" calls cipherstate.MixKey(DH(x, ry)) and sets has_key to True."
> Can you italicize the x and y inside the ` ` too?
Don't think so.
> - "EndHandshake(): Returns two new CipherState objects by calling
> cipherstate.Split()."
> ...and zeros everything out.
Not necessary, the caller can delete the HandshakeState.
>
> - "Big-endian is preferred because..."
> Grumble grumble.
I expanded the rationale here.
>
>
> By the way, after you merge this to master, is there a reason for keeping
> around noh and noise2 branches? Or are these just left over from old times?
They're just old.
Trevor
More information about the Noise
mailing list