[noise] new branch: psk2

Jason A. Donenfeld Jason at zx2c4.com
Tue Nov 17 17:49:21 PST 2015


On Sat, Nov 14, 2015 at 8:16 AM, Trevor Perrin <trevp at trevp.net> wrote:
>  * Instead of sending an explicit random for pre-shared keys, changed
> it to MixKey(e.public_key) when sending/receiving an ephemeral with
> PSK.

When implementing this, it looks something like:

if (has_psk)
    mix_key(&key, &chaining_key, &ephemeral_public);

Notice the conditional there. This means it's possible for an attacker
to determine via timing whether or not the remote host uses a
pre-shared key. I don't know if this is something you care about, but
it is potentially a problem for fingerprinting or limited-set
identification.
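
The branch Jason describes, next to a branchless form of the same step, as an added example that is not part of the original message or of any Noise implementation. `toy_kdf` is a stand-in for the HKDF behind MixKey so the file runs on its own; it is an assumption, not a real KDF, as are the function names `mix_psk_branching` and `mix_psk_ct`. Only the control flow around the KDF is the point.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define KEY_LEN 32

/* Stand-in for the HKDF behind Noise's MixKey. NOT a real KDF; assumed here so
 * the file runs stand-alone. Derives (new ck, new k) from (ck, input). */
static void toy_kdf(uint8_t out_ck[KEY_LEN], uint8_t out_k[KEY_LEN],
                    const uint8_t ck[KEY_LEN], const uint8_t input[KEY_LEN])
{
    uint64_t s = 0x9E3779B97F4A7C15ULL;
    for (int i = 0; i < KEY_LEN; i++) {
        s ^= ((uint64_t)ck[i] << 8) ^ input[i];
        s *= 0x100000001B3ULL;
        s ^= s >> 29;
        out_ck[i] = (uint8_t)(s >> 56);
        out_k[i]  = (uint8_t)(s >> 24);
    }
}

/* In-place MixKey with the same shape as the mix_key() call in the message. */
static void mix_key(uint8_t k[KEY_LEN], uint8_t ck[KEY_LEN],
                    const uint8_t input[KEY_LEN])
{
    uint8_t new_ck[KEY_LEN], new_k[KEY_LEN];
    toy_kdf(new_ck, new_k, ck, input);
    memcpy(ck, new_ck, KEY_LEN);
    memcpy(k, new_k, KEY_LEN);
}

/* The branching form from the message: the KDF runs only when has_psk is set,
 * so this handshake step takes a different amount of time depending on a
 * configuration value the peer may want to keep private. */
void mix_psk_branching(uint8_t k[KEY_LEN], uint8_t ck[KEY_LEN],
                       const uint8_t e_pub[KEY_LEN], int has_psk)
{
    if (has_psk)
        mix_key(k, ck, e_pub);
}

/* Branchless form: always run the KDF, then fold the result in with a
 * constant-time conditional copy. Same KDF work and same memory accesses
 * whether or not a PSK is configured. */
void mix_psk_ct(uint8_t k[KEY_LEN], uint8_t ck[KEY_LEN],
                const uint8_t e_pub[KEY_LEN], int has_psk)
{
    uint8_t new_ck[KEY_LEN], new_k[KEY_LEN];
    toy_kdf(new_ck, new_k, ck, e_pub);

    /* mask is 0xFF when has_psk != 0, 0x00 otherwise; no data-dependent branch. */
    uint8_t mask = (uint8_t)(0 - (uint8_t)(has_psk != 0));
    for (int i = 0; i < KEY_LEN; i++) {
        ck[i] ^= mask & (ck[i] ^ new_ck[i]);
        k[i]  ^= mask & (k[i]  ^ new_k[i]);
    }

    /* Scrub the scratch copies (volatile so the stores are not elided). */
    volatile uint8_t *p = new_ck, *q = new_k;
    for (int i = 0; i < KEY_LEN; i++) { p[i] = 0; q[i] = 0; }
}

/* Self-check on constructed sample state: both variants must agree for either
 * value of has_psk, and the branchless one must leave (k, ck) untouched when
 * has_psk == 0 and change them when has_psk == 1. Returns 1 on success. */
int check_equivalence(void)
{
    uint8_t ck0[KEY_LEN], k0[KEY_LEN], e[KEY_LEN];
    for (int i = 0; i < KEY_LEN; i++) {       /* constructed, not real key material */
        ck0[i] = (uint8_t)(i * 7 + 1);
        k0[i]  = (uint8_t)(255 - i);
        e[i]   = (uint8_t)(i * 13 + 5);
    }
    for (int flag = 0; flag <= 1; flag++) {
        uint8_t ckA[KEY_LEN], kA[KEY_LEN], ckB[KEY_LEN], kB[KEY_LEN];
        memcpy(ckA, ck0, KEY_LEN); memcpy(kA, k0, KEY_LEN);
        memcpy(ckB, ck0, KEY_LEN); memcpy(kB, k0, KEY_LEN);
        mix_psk_branching(kA, ckA, e, flag);
        mix_psk_ct(kB, ckB, e, flag);
        if (memcmp(ckA, ckB, KEY_LEN) != 0 || memcmp(kA, kB, KEY_LEN) != 0)
            return 0;
        if (flag == 0 && (memcmp(ckB, ck0, KEY_LEN) != 0 || memcmp(kB, k0, KEY_LEN) != 0))
            return 0;
        if (flag == 1 && memcmp(ckB, ck0, KEY_LEN) == 0)
            return 0;
    }
    return 1;
}

int main(void)
{
    printf("branching and branchless variants agree: %s\n",
           check_equivalence() ? "yes" : "no");
    return 0;
}
```

The branchless version costs the PSK-less peer one extra KDF per ephemeral, which is the price of making the two cases indistinguishable at this step. It only closes the leak Jason points at: whether a PSK is in use may still be visible elsewhere (handshake pattern, message sizes), and a compiler can turn the mask back into a branch, so the generated code should be checked rather than assumed.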

