[noise] New branch: hkdf
Jason A. Donenfeld
Jason at zx2c4.com
Mon Oct 12 11:29:17 PDT 2015
On Sat, Oct 10, 2015 at 9:21 PM, Trevor Perrin <trevp at trevp.net> wrote:
> Based on all this, I favor the HKDF design at the moment. I'll
> probably merge it to master in a few days if there aren't any
> compelling counter-arguments.
In its current manifestation, `ck` is part of the
SymmetricHandshakeState object. Since this object is discarded after a
handshake, one can't derive new keys from previous ones. IOW,
ratcheting isn't possible. To add back this possibility, you'd need to
move `ck` to the CipherState object, and change Split() in such a way
that `ck` inside of CipherState would be properly updated too.
More information about the Noise
mailing list