[noise] New branch: hkdf
Jason A. Donenfeld
Jason at zx2c4.com
Tue Oct 13 15:01:18 PDT 2015
On Tue, Oct 13, 2015 at 11:15 PM, Kenton Varda <kenton at sandstorm.io> wrote:
> FWIW, as a system builder but not a cryptographer, dismissing 5% speed
> losses makes me uncomfortable, for a couple reasons
If Trevor decides it's safe to change MixKey to simply be a 64byte PRF
(as in the other thread re:blake2), it's worth noting that things
suddenly become *faster* than n0. The difference then between n0 and
this 64byte-PRF design would simply be the addition of the chaining
key variable to avoid having to do an Encrypt(k).
> It sounds like Jason is tempted to diverge as well.
In the end, after we've discussed everything, I will be implementing
whatever Cap'n Trevor merges to master. I trust his final judgments
over my own.
More information about the Noise
mailing list