[noise] New draft for "chain-of-DH" approach

Trevor Perrin trevp at trevp.net
Tue Jul 28 19:48:26 PDT 2015


On Sun, Jul 26, 2015 at 4:35 AM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> On Sun, Jun 14, 2015 at 3:42 AM, Trevor Perrin <trevp at trevp.net> wrote:
>>  - Padding removed.  The calling app will need to decide on it
>> anyways, so it doesn't need to be in this layer.
>
> This makes sense to me, but I would be interested in having some
> confirmation about what security properties I can expect out of noise,
> so I know what sort of padding to use. Specifically, it's easiest to
> pad with zeros, but in certain protocols, this kind of deterministic
> content can cause problems. In those cases, random padding is
> preferred. What's the scoop with noise? Can I get away with zero
> padding, or do I need to fill in random bytes?

Zero padding is fine.

But there's a bigger question of whether things like padding should be
specified in Noise core, left to the user, or something in between.
I'll take this up in a separate mail.

Trevor


More information about the Noise mailing list