[noise] DoS *is* a problem
Alex
alex at centromere.net
Sat Nov 21 06:43:19 PST 2015
On Sat, 21 Nov 2015 14:59:06 +0100
"Jason A. Donenfeld" <Jason at zx2c4.com> wrote:
> On Sat, Nov 21, 2015 at 2:28 PM, Jason A. Donenfeld <Jason at zx2c4.com>
> wrote:
>
> > The second, and more significant, mitigation is that when the
> > responder sends the cookie back to the initiator, it
> > authenticated-encrypts it, taking as a key a combination of the
> > responder's public key, optionally the PSK too, and the initial
> > HMAC that was sent in the initiator's first handshake initiation.
>
Why not just do hashcash based on the current unix timestamp in
minutes? If you're under attack you can require a more precise
timestamp and higher computational requirements.
--
Alex
More information about the Noise
mailing list