[noise] Working toward Revision 29
Trevor Perrin
trevp at trevp.net
Tue May 17 02:23:38 PDT 2016
On Tue, May 17, 2016 at 2:11 AM, Alex <alex at centromere.net> wrote:
> On Thu, 12 May 2016 17:58:32 -0700
> Trevor Perrin <trevp at trevp.net> wrote:
>
>> (2) Now requires pre-shared symmetric keys to be 256 bits. Tightening
>> the rules makes testing and implementation simpler, and hopefully
>> deters people from using this with low-entropy passwords.
>>
>
> Is there any harm in using a PSK of length >256 bits?
I think it simplifies implementations and testing a bit if we have one
fixed size.
A bigger secret isn't going to get more security (since we have 256
bit cipher keys).
The only rationale I can think of for bigger PSKs is if you've done
RSA or something and have a larger shared secret. But in that case,
the caller can just hash the larger secret down to 256 bits herself.
(Which simplifies our security analysis, because we can assume that
PSKs are uniformly random 256-bit values.)
Trevor
More information about the Noise
mailing list