[noise] Deriving resumption PSKs (was: SAS (was: Explicit nonces (for lossy transports))

Rhys Weatherley rhys.weatherley at gmail.com
Sat Jul 29 22:48:48 PDT 2017


On Sun, Jul 30, 2017 at 2:49 PM, Trevor Perrin <trevp at trevp.net> wrote:

> Since we recently added an optional 3rd output to HKDF for
> MixKeyAndHash(PSK), it's now less painful to derive extra keys based
> on the output of HKDF in Split().  So I'll propose using a chain of
> HKDF to derive numbered PSKs (0, 1, 2, ...):
>
> EK = 3rd output from Split().HKDF()
> CK_PSK, PSK_0 = HKDF(EK, "PSK")
> CK_PSK, PSK_1 = HKDF(CK, "")
> CK_PSK, PSK_2 = HKDF(CK, "")
>

I think you meant CK_PSK instead of CK in those last two lines.  But other
than that, I'm happy with this approach.

Cheers,

Rhys.
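
The chain proposed in the quoted message, with the CK_PSK correction applied, written out as an added example that is not part of the original thread or of any Noise implementation. It assumes HMAC-SHA256 and the HKDF construction from the Noise specification; the function names and the sample chaining key are constructed for illustration.

```python
import hashlib
import hmac


def hmac_hash(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def noise_hkdf(chaining_key: bytes, ikm: bytes, num_outputs: int) -> tuple:
    """Noise-style HKDF: output_i = HMAC(temp_key, output_{i-1} || byte(i))."""
    if num_outputs not in (2, 3):
        raise ValueError("Noise HKDF produces 2 or 3 outputs")
    temp_key = hmac_hash(chaining_key, ikm)
    outputs, prev = [], b""
    for i in range(1, num_outputs + 1):
        prev = hmac_hash(temp_key, prev + bytes([i]))
        outputs.append(prev)
    return tuple(outputs)


def split_with_ek(ck: bytes) -> tuple:
    """Split() with the optional 3rd HKDF output kept as EK.

    The first two outputs are the usual transport keys and are identical
    to what a 2-output Split() yields, so asking for EK changes nothing else.
    """
    return noise_hkdf(ck, b"", 3)


def resumption_psks(ek: bytes, count: int) -> list:
    """CK_PSK, PSK_0 = HKDF(EK, "PSK"); CK_PSK, PSK_n = HKDF(CK_PSK, "")."""
    if count < 1:
        raise ValueError("count must be at least 1")
    ck_psk, psk = noise_hkdf(ek, b"PSK", 2)
    psks = [psk]
    for _ in range(count - 1):
        # Each step replaces CK_PSK, so an earlier chaining value is not
        # needed (and should not be kept) once the next PSK is derived.
        ck_psk, psk = noise_hkdf(ck_psk, b"", 2)
        psks.append(psk)
    return psks


# Constructed stand-in for the final handshake chaining key (not a real value).
SAMPLE_CK = hashlib.sha256(b"constructed handshake chaining key").digest()

if __name__ == "__main__":
    k1, k2, ek = split_with_ek(SAMPLE_CK)
    for n, psk in enumerate(resumption_psks(ek, 3)):
        print(f"PSK_{n} = {psk.hex()}")
```

Both peers run the same chain from the same EK, so they agree on PSK_n by index without exchanging anything further.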