[noise] Raw RNG over the Wire [was: Re: Rev30 branch]

Trevor Perrin trevp at trevp.net
Thu Jul 7 22:47:37 PDT 2016

On Tue, Jul 5, 2016 at 8:06 AM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> Hey,
> These are interesting points you make. In WireGuard, there's a session
> index that ties several UDP messages together into one session. At the
> beginning of a session, it's randomly generated from the equivalent of
> /dev/urandom. It's 4 bytes, and is included in every message of the
> session.
> Perhaps this isn't such a good idea to transmit it raw?

I wouldn't worry about that too much, lots of protocols have random
nonces / IVs, I don't want to exaggerate the risk.

You already have ephemeral public keys, so you could just take 32 bits
from one of them as the session index, to avoid another RNG call, but
I'm not sure it's worth more effort than that.


More information about the Noise mailing list