[noise] new branch: psk2

Trevor Perrin trevp at trevp.net
Sat Nov 14 13:10:31 PST 2015


On Sat, Nov 14, 2015 at 4:22 AM, Alex <alex at centromere.net> wrote:
> On Fri, 13 Nov 2015 23:16:44 -0800
> Trevor Perrin <trevp at trevp.net> wrote:
>
>> https://github.com/trevp/noise/blob/psk2/noise.md
>>
>
> Am I correct in stating that PSK is useless in Noise_NN, since DH will
> be performed regardless?

No, NoisePSK_NN would provide authentication based on the PSK, but use
the DH to add forward-security.

If you don't know the PSK, you can't complete the handshake or decrypt
any of the ciphertexts.  But if you compromise the PSK afterward, the
DHs prevent you from decrypting old traffic.

So that's potentially useful, and similar to TLS's DHE_PSK suites.

Trevor






Trevor


>
> --
> Alex
> _______________________________________________
> Noise mailing list
> Noise at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/noise


More information about the Noise mailing list