[noise] Pre-shared Secret - preventing DoS, and ensuring post-quantum PFS
Tony Arcieri
bascule at gmail.com
Wed Nov 11 15:34:16 PST 2015
On Wed, Nov 11, 2015 at 3:22 AM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> This provides DoS defense, so that an attacker cannot force a server to
> compute any DH operations, unless he has the pre-shared secret. Without
> this mitigation, Noise is very very DoS-able.
>
Two things:
1) TLS is very much more DoSable than Noise (due to e.g. RSA signatures,
and most people using RSA). In practice you'll want layer 3/4 mechanisms to
mitigate such a DoS.
2) This does NOT provide post-quantum PFS. That would mean that if the PSK
leaked, and someone built a large quantum computer, you'd still have PFS.
This would not be the case with your construction.
The only way to attain post-quantum PFS is with a post-quantum D-H-alike
key exchange algorithm (e.g. NTRU or Ring-LWE).
--
Tony Arcieri
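As an added illustration of the two points above (the PSK-gated DoS defence in the quoted proposal, and why a PSK mixed into a DH handshake does not give post-quantum PFS), here is a toy model that is not Noise code and not from the thread. The tiny DH group, the HMAC-based KDF, the MAC-over-first-message layout and the brute-force "quantum" DH break are all constructed assumptions standing in for the real primitives.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters: a group this small is broken by brute-force discrete log,
# which here stands in for a large quantum computer breaking real (EC)DH. Not Noise code.
P = 65537  # prime
G = 3      # primitive root mod 65537

def dh_keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def session_key(psk, dh_shared):
    """Toy KDF mixing the PSK with the DH result (Noise mixes a PSK into its chaining key)."""
    return hmac.new(psk, dh_shared.to_bytes(4, "big"), hashlib.sha256).digest()

def msg1_tag(psk, eph_pub):
    return hmac.new(psk, b"msg1" + eph_pub.to_bytes(4, "big"), hashlib.sha256).digest()

def first_message(psk, eph_pub):
    """Initiator's first message: ephemeral public key plus a PSK-keyed MAC over it."""
    return eph_pub, msg1_tag(psk, eph_pub)

def responder_should_do_dh(psk, msg):
    """DoS defence: the responder checks the cheap MAC and only does DH if it verifies."""
    eph_pub, tag = msg
    return hmac.compare_digest(tag, msg1_tag(psk, eph_pub))

def break_dh(pub):
    """Stand-in for the quantum adversary: recover the private exponent from a public key."""
    acc = 1
    for x in range(1, P):
        acc = acc * G % P
        if acc == pub:
            return x
    raise ValueError("public key not in group")

def attacker_recovers_key(transcript, leaked_psk):
    """Passive attacker with the recorded transcript, a DH break, and the leaked PSK."""
    init_pub, resp_pub = transcript
    shared = pow(resp_pub, break_dh(init_pub), P)
    return session_key(leaked_psk, shared)

def run_handshake(psk):
    """Honest run; returns the public transcript and the key both sides derive."""
    i_priv, i_pub = dh_keygen()
    r_priv, r_pub = dh_keygen()
    assert responder_should_do_dh(psk, first_message(psk, i_pub))
    k_i = session_key(psk, pow(r_pub, i_priv, P))
    assert k_i == session_key(psk, pow(i_pub, r_priv, P))
    return (i_pub, r_pub), k_i
```

With the PSK leaked, the attacker's derived key equals the session key from the recorded transcript, which is the PFS failure the post describes; a forged first message without the PSK fails the MAC check before any DH is done.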