[noise] Noise Explorer
Trevor Perrin
trevp at trevp.net
Fri May 25 08:52:20 PDT 2018
On Fri, May 25, 2018 at 3:43 PM, Nadim Kobeissi <nadim at symbolic.software> wrote:
> I guess I'm confused, because confidentiality grade 2 does not say anything
> about the *sender's* static key being compromised after the session is
> concluded and how that may lead to decryption. It only discusses the
> recipient's static keys:
>
> "2: Encryption to a known recipient, forward secrecy for sender compromise
> only, vulnerable to replay. This payload is encrypted based only on DHs
> involving the recipient's static key pair. If the recipient's static
> private key is compromised, even at a later date, this payload can be
> decrypted. This message can also be replayed, since there's no ephemeral
> contribution from the recipient."
I was talking about the first and only message (A) in pattern K.
If you're talking about subsequent messages in this pattern, these
messages don't exist. But even if they existed, it wouldn't be
correct to say "Message contents are sent in cleartext", so not sure
what Noise Explorer was doing there.
> Either way, "tokenless" messages for K have now been removed from the
> analysis. This will be reflected on the website in a few minutes.
Cool, that takes care of it.
Trevor
More information about the Noise
mailing list