[noise] Oxy: now using Noise

dawuud dawuud at riseup.net
Sat Jun 30 05:24:51 PDT 2018 


Done son! https://github.com/oxy-secure/oxy/issues/132

Thanks for confirming my understanding and for the suggestion to open a ticket.

Cheers,
David

On Sat, Jun 30, 2018 at 01:01:55PM +0100, Justin Cormack wrote:
> If you have the server private key in future you can read the client
> public key. The
> psk does not change this, it is after the public key, presumably as it
> is dependent
> on the key, ie different psk per client. Any threat model that has the
> private key
> presumably has the psk too. If you use XK instead then you are also protected
> by the ephemeral DH which comes before the public key exchange. I don't know
> how much they would think the extra latency matters, you could open an issue to
> discuss.
> 
> 
> On 30 June 2018 at 12:26, dawuud <dawuud at riseup.net> wrote:
> >
> > Sure it depends on the threat model as does everthing, always.
> > Privacy enhancing technology is my jam... and so is making people
> > more aware of these important issues in our day of mass surveillance.
> >
> > It is my understanding that if an adversary passively records these
> > IK interactions they can later determine which clients made the connection
> > if they gain access to the server's private key. The PSK1 modifier
> > does nothing to protect against this, correct?
> >
> >
> > On Sat, Jun 30, 2018 at 12:06:21PM +0100, Justin Cormack wrote:
> >> It depends on your threat model; I think the Noise docs are very clear
> >> about IK having reduced privacy hiding vs XK as the public
> >> key is sent sooner, at a cost of slower handshakes for X vs I. I can't
> >> find any docs for Oxy so I don't know what their design
> >> requirements are.
> >>
> >> On 29 June 2018 at 05:21, dawuud <dawuud at riseup.net> wrote:
> >> >
> >> > I looked and it uses Noise_IKpsk1_25519_AESGCM_SHA512.
> >> > Doesn't this mean that it has the same privacy problem as wireguard
> >> > that we discussed earlier?
> >> >
> >> > On Fri, Jun 29, 2018 at 12:48:59AM +0100, Tony Arcieri wrote:
> >> >> Oxy is a Rust-based SSH alternative which has been getting some attention
> >> >> lately.
> >> >>
> >> >> It previously used a bespoke transport encryption protocol but has just now
> >> >> switched to Noise:
> >> >>
> >> >> https://github.com/oxy-secure/oxy/pull/130
> >> >>
> >> >> --
> >> >> Tony Arcieri
> >> >
> >> >> _______________________________________________
> >> >> Noise mailing list
> >> >> Noise at moderncrypto.org
> >> >> https://moderncrypto.org/mailman/listinfo/noise
> >> >
> >> >
> >> > _______________________________________________
> >> > Noise mailing list
> >> > Noise at moderncrypto.org
> >> > https://moderncrypto.org/mailman/listinfo/noise
> >> >
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20180630/83871d1a/attachment.sig>

More information about the Noise mailing list