[noise] Minor KDF concern

Stephen Touset stephen at squareup.com
Sat Jul 5 02:34:18 PDT 2014

While writing a basic implementation of Noise Boxes, I realized that the
KDF doesn't mix the output length into the HMAC inputs. If you use the KDF
to produce two keys of different lengths with the same secret, extra_data,
and info parameters, the shorter key will be a prefix of the longer one.

Does it make sense to append the key length to the message that is HMACed?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20140705/422b477c/attachment.html>

More information about the Noise mailing list