[noise] Another spec issue: remote ephemeral keys

Alex alex at centromere.net
Sat Apr 16 06:44:59 PDT 2016

On Sat, 16 Apr 2016 17:05:49 +1000
Rhys Weatherley <rhys.weatherley at gmail.com> wrote:

> On Sat, Apr 16, 2016 at 3:37 PM, Trevor Perrin <trevp at trevp.net>
> wrote:
> > A hostile party could always downgrade the security of its own
> > handshake, e.g. by using an ephemeral with a known/published
> > private key.
> >
> > Using a null ephemeral public key shouldn't accomplish anything
> > more than that.
>
> True.  I'm looking at it from the point of view of mass surveillance
> where the hostile party has hacked an app on an app store.  An
> implementation that is using a non-null "snooper's key" makes that
> traffic visible only to the snoopers in the know about that specific
> key (or set of keys).

If you can't trust the hardware/software you're running, you shouldn't
be using it for secure communication.

