[noise] New branch: "simpler"

Jason A. Donenfeld Jason at zx2c4.com
Thu Oct 1 03:00:01 PDT 2015


With a premessage and a handshake name, things wind up looking like:

    initiator.key = 32 bytes of zeros
    initiator.hash = HASH("Noise WireGuard zx2c4 2015-09-30" ||
responder.static_public)

Why not instead initiate the key with the handshake name, instead of the
hash? It seems like this would also go a bit further in reducing key-reuse
too. So, instead:

    initiator.key = "Noise WireGuard zx2c4 2015-09-30"
    initiator.hash = HASH(responder.static_public)

How about this?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20151001/966f1b95/attachment.html>


More information about the Noise mailing list