[noise] new branch: psk2
Jason A. Donenfeld
Jason at zx2c4.com
Tue Nov 17 17:49:21 PST 2015
On Sat, Nov 14, 2015 at 8:16 AM, Trevor Perrin <trevp at trevp.net> wrote:
> * Instead of sending an explicit random for pre-shared keys, changed
> it to MixKey(e.public_key) when sending/receiving an ephemeral with
> PSK.
When implementing this, it looks something like:
    if (has_psk)
        mix_key(&key, &chaining_key, &ephemeral_public);
Notice the conditional there. This means it's possible for an attacker
to determine via timing whether or not the remote host uses a
pre-shared key. I don't know if this is something you care about, but
it is potentially a problem for fingerprinting or limited-set
identification.
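The branch Jason describes, as an added example that is not part of the original post or of any Noise implementation. A toy mixing function stands in for MixKey (HKDF in the Noise spec) and a call counter makes the work per path observable without a clock. The branch-free variant, including the `mask` derivation and `ct_select` helper, is my own assumption about one way to close the gap, not something the thread proposes: it always runs the mix on scratch copies and copies the result back under a mask, so the work done no longer depends on whether a PSK is configured. All key material is constructed test data.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define KEY_LEN 32

/* Counts mixing-step invocations so the work done on each path can be
 * compared deterministically instead of by timing. */
static unsigned long mix_calls = 0;

/* Toy stand-in for MixKey. Assumption: any PRF-like update is enough to
 * show the data flow; real code derives (chaining_key, key) with HKDF. */
static void toy_mix_key(uint8_t key[KEY_LEN], uint8_t chaining_key[KEY_LEN],
                        const uint8_t input[KEY_LEN])
{
    mix_calls++;
    for (size_t i = 0; i < KEY_LEN; i++) {
        uint8_t x = (uint8_t)((chaining_key[i] * 31u) ^ input[i] ^ (i * 7u));
        chaining_key[i] = (uint8_t)(x + 0x5a);
        key[i] = (uint8_t)(x ^ 0xa5);
    }
}

/* The construction quoted in the message: the mix runs only when a PSK
 * is present, so the time taken reveals has_psk to a remote observer. */
void handle_ephemeral_branchy(int has_psk, uint8_t key[KEY_LEN],
                              uint8_t chaining_key[KEY_LEN],
                              const uint8_t ephemeral_public[KEY_LEN])
{
    if (has_psk)
        toy_mix_key(key, chaining_key, ephemeral_public);
}

/* Constant-time select: a when mask is 0xff, b when mask is 0x00. */
static uint8_t ct_select(uint8_t mask, uint8_t a, uint8_t b)
{
    return (uint8_t)((mask & a) | (~mask & b));
}

/* Branch-free alternative (assumed, not from the thread): do the mix
 * unconditionally into scratch copies, then keep or discard the result
 * under a mask derived from has_psk without a conditional jump. */
void handle_ephemeral_ct(int has_psk, uint8_t key[KEY_LEN],
                         uint8_t chaining_key[KEY_LEN],
                         const uint8_t ephemeral_public[KEY_LEN])
{
    uint8_t tmp_key[KEY_LEN], tmp_ck[KEY_LEN];
    unsigned v = (unsigned)has_psk;
    /* nz is 1 if has_psk != 0 else 0; mask is then 0xff or 0x00. */
    unsigned nz = (v | (0u - v)) >> (sizeof(unsigned) * 8 - 1);
    uint8_t mask = (uint8_t)(0u - nz);

    memcpy(tmp_key, key, KEY_LEN);
    memcpy(tmp_ck, chaining_key, KEY_LEN);
    toy_mix_key(tmp_key, tmp_ck, ephemeral_public);  /* always runs */
    for (size_t i = 0; i < KEY_LEN; i++) {
        key[i] = ct_select(mask, tmp_key[i], key[i]);
        chaining_key[i] = ct_select(mask, tmp_ck[i], chaining_key[i]);
    }
}

/* Constructed starting state shared by both handlers. */
static void init_state(uint8_t key[KEY_LEN], uint8_t ck[KEY_LEN],
                       uint8_t e[KEY_LEN])
{
    for (size_t i = 0; i < KEY_LEN; i++) {
        key[i] = (uint8_t)(0x10 + i);
        ck[i] = (uint8_t)(0x80 ^ i);
        e[i] = (uint8_t)(0xc3 - i);
    }
}

/* Number of mix invocations for one run of the chosen handler. */
unsigned long calls_for(int use_ct, int has_psk)
{
    uint8_t key[KEY_LEN], ck[KEY_LEN], e[KEY_LEN];
    init_state(key, ck, e);
    mix_calls = 0;
    if (use_ct)
        handle_ephemeral_ct(has_psk, key, ck, e);
    else
        handle_ephemeral_branchy(has_psk, key, ck, e);
    return mix_calls;
}

/* 1 if the branch-free handler reaches the same (key, chaining_key)
 * as the branchy one for the given has_psk, else 0. */
int ct_matches_branchy(int has_psk)
{
    uint8_t k0[KEY_LEN], c0[KEY_LEN], k1[KEY_LEN], c1[KEY_LEN], e[KEY_LEN];
    init_state(k0, c0, e);
    init_state(k1, c1, e);
    handle_ephemeral_branchy(has_psk, k0, c0, e);
    handle_ephemeral_ct(has_psk, k1, c1, e);
    return memcmp(k0, k1, KEY_LEN) == 0 && memcmp(c0, c1, KEY_LEN) == 0;
}
```

Removing the branch at the source level is only half the job: a compiler is free to turn the mask-and-select back into a conditional jump, so the generated assembly should be inspected, and this covers only the MixKey step shown in the message, not other places where a PSK-dependent code path might exist in a handshake.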