[noise] The h value
Jason A. Donenfeld
Jason at zx2c4.com
Mon Jul 20 05:38:15 PDT 2015
Hi guys,
I'm wondering why `h` is included as AAD, and not simply hashed together
with the current key (k = HASH(h || k)). Is this for IP reasons? Or is
there a solid cryptography reason behind it? Is there some mistrust with
the hash function, where a preimage attack could be used to massage the key
into something predictable?
Jason
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20150720/48492a70/attachment.html>
More information about the Noise
mailing list