[noise] Raw RNG over the Wire [was: Re: Rev30 branch]

Jason A. Donenfeld Jason at zx2c4.com
Fri Jul 8 08:00:40 PDT 2016


Hi Trevor,

On Fri, Jul 8, 2016 at 7:47 AM, Trevor Perrin <trevp at trevp.net> wrote:
> I wouldn't worry about that too much, lots of protocols have random
> nonces / IVs, I don't want to exaggerate the risk.

Okay, thanks for the reassurance. I'd implemented my siphash idea in a
branch here, but hopefully I won't merge it to master:
https://git.zx2c4.com/WireGuard/commit/?id=1a8a29b822d59c3723c059eba0ee03118f2a241c

>
> You already have ephemeral public keys, so you could just take 32 bits
> from one of them as the session index, to avoid another RNG call, but
> I'm not sure it's worth more effort than that.

Is this okay to do without something like elligator? I guess that over
time the public keys will still get acceptable dispersion, even if
they're as a whole still identifiably public keys.

Jason
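The two points raised in this exchange, using 32 bits of the ephemeral public key as the session index and the key still being recognisable as a public key without Elligator, as an added example that is not code from the thread or from WireGuard. It assumes the index is the first four bytes of the encoded public key read little-endian (the thread does not say which bits), and it carries its own RFC 7748 X25519 ladder so that it runs without third-party libraries; the seed-derived private keys are constructed for reproducibility and stand in for os.urandom(32).

```python
"""Session index from an X25519 ephemeral public key (added example).

Assumption: index = first four bytes of the encoded public key, little-endian.
X25519 is implemented inline per RFC 7748; the conditional swap is not
constant-time, which is fine for illustration but not for production use.
"""
import hashlib

P = 2**255 - 19
A24 = 121665  # (486662 - 2) / 4 for Curve25519
BASE = bytes([9]) + bytes(31)  # RFC 7748 base point u = 9


def _clamp(scalar):
    k = bytearray(scalar)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def _decode_u(u):
    b = bytearray(u)
    b[31] &= 127  # RFC 7748: mask the unused top bit of the u-coordinate
    return int.from_bytes(b, "little") % P


def x25519(scalar, u):
    """RFC 7748 scalar multiplication (Montgomery ladder), returns 32 bytes."""
    k, x1 = _clamp(scalar), _decode_u(u)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * ((da - cb) ** 2) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def ephemeral_keypair(seed):
    """Constructed, deterministic (private, public) pair; real code uses os.urandom(32)."""
    priv = hashlib.sha256(seed).digest()
    return priv, x25519(priv, BASE)


def session_index(pub):
    """Assumed convention: first four bytes of the public key, little-endian."""
    return int.from_bytes(pub[:4], "little")


def looks_like_x25519_pubkey(blob):
    """Every X25519 output encodes a field element below p = 2^255 - 19, so its
    top bit is always 0; uniformly random 32-byte strings fail this test about
    half the time. This is the 'identifiably a public key' property from the thread."""
    return len(blob) == 32 and int.from_bytes(blob, "little") < P


def index_dispersion(n):
    """For n ephemeral keys: how many distinct 32-bit indexes they yield, and how
    many of the full keys pass looks_like_x25519_pubkey (all of them, by construction)."""
    pubs = [ephemeral_keypair(b"session-%d" % i)[1] for i in range(n)]
    distinct = len({session_index(p) for p in pubs})
    keylike = sum(1 for p in pubs if looks_like_x25519_pubkey(p))
    return distinct, keylike


if __name__ == "__main__":
    _, pub = ephemeral_keypair(b"demo")
    print("pubkey        :", pub.hex())
    print("session index :", hex(session_index(pub)))
    print("looks like key:", looks_like_x25519_pubkey(pub))
    print("dispersion    :", index_dispersion(32))
```

The low 32 bits come out well dispersed because the u-coordinate of a random point is close to uniform on the field, while the whole encoding still betrays itself through the always-clear top bit; Elligator would be needed only if the full 32 bytes had to pass as random.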

