<div dir="ltr"><div class="gmail_extra">With a premessage and a handshake name, things wind up looking like:
</div><div class="gmail_extra"><br></div><div class="gmail_extra"><div class="gmail_extra">    initiator.key = 32 bytes of zeros</div><div class="gmail_extra">    initiator.hash = HASH("Noise WireGuard zx2c4 2015-09-30" || responder.static_public)</div><div class="gmail_extra"><br></div><div class="gmail_extra">Why not instead initiate the key with the handshake name, instead of the hash? It seems like this would also go a bit further in reducing key-reuse too. So, instead:</div><div class="gmail_extra"><div class="gmail_extra"><br></div><div class="gmail_extra">    initiator.key = "Noise WireGuard zx2c4 2015-09-30" </div><div class="gmail_extra">    initiator.hash = HASH(responder.static_public)</div><div class="gmail_extra"><br></div><div class="gmail_extra">How about this?</div></div></div></div>