<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">It is a little tricky to support padding it for handshake message. You would have to calculate the whole Noise message length before deciding whether to apply padding, but the message sometimes includes static and ephemeral keys, where static keys can be encrypted or not, which depends on whether the cipher key was calculated in current or previous message patterns, but it also depends on whether the handshake pattern is PSK or not.<div class=""><div class=""><div><br class=""></div></div></div><div class=""><div style="color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px;">Nemanja</div> </div> <div><br class=""><blockquote type="cite" class=""><div class="">On Apr 17, 2018, at 6:40 PM, Justin Cormack <<a href="mailto:justin@specialbusservice.com" class="">justin@specialbusservice.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="auto" class=""><div class="">I would assume that many protocols will not use the unencrypted messages for anything, so using them for padding seems natural (have been planning to do that for one use case). Encrypted ones can have framing information so they look much like normal messages so padding should be easy.<br class=""><br class=""><div class="gmail_quote"><div dir="ltr" class="">On Tue, 17 Apr 2018, 17:31 Trevor Perrin, <<a href="mailto:trevp@trevp.net" class="">trevp@trevp.net</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Tue, Apr 17, 2018 at 4:14 PM, Alexey Ermishkin <<a href="mailto:scratch.net@gmail.com" target="_blank" rel="noreferrer" class="">scratch.net@gmail.com</a>> wrote:<br class=""> > Hello everyone,<br class=""> > This is when padding was dropped from the handshake<br class=""> > <a href="https://moderncrypto.org/mail-archive/noise/2017/000931.html" rel="noreferrer noreferrer" target="_blank" class="">https://moderncrypto.org/mail-archive/noise/2017/000931.html</a><br class=""> <br class=""> Ah, I missed that, sorry.<br class=""> <br class=""> Let's take a moment to think about this and make sure we know what<br class=""> decision we're making, and why we're making it.<br class=""> <br class=""> On the one hand, I'm not sure why padding would be less-useful for<br class=""> handshake ciphertext than transport ciphertexts. On the other hand,<br class=""> maybe the structure of Noise libraries and the fact that handshake<br class=""> payloads are sometimes encrypted and sometimes not, makes this an<br class=""> awkward thing to support?<br class=""> <br class=""> Trevor<br class=""> _______________________________________________<br class=""> Noise mailing list<br class=""> <a href="mailto:Noise@moderncrypto.org" target="_blank" rel="noreferrer" class="">Noise@moderncrypto.org</a><br class=""> <a href="https://moderncrypto.org/mailman/listinfo/noise" rel="noreferrer noreferrer" target="_blank" class="">https://moderncrypto.org/mailman/listinfo/noise</a><br class=""> </blockquote></div></div></div> _______________________________________________<br class="">Noise mailing list<br class=""><a href="mailto:Noise@moderncrypto.org" class="">Noise@moderncrypto.org</a><br class="">https://moderncrypto.org/mailman/listinfo/noise<br class=""></div></blockquote></div><br class=""></body></html>