[noise] Raw RNG over the Wire [was: Re: Rev30 branch]
Jason A. Donenfeld
Jason at zx2c4.com
Fri Jul 8 08:13:45 PDT 2016
On Fri, Jul 8, 2016 at 5:00 PM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
>> You already have ephemeral public keys, so you could just take 32 bits
>> from one of them as the session index, to avoid another RNG call, but
>> I'm not sure it's worth more effort than that.
Here's what that looks like:
https://git.zx2c4.com/WireGuard/commit/?id=765b5e38917260fa171de60285e2a7282d01769b
I'm not yet convinced this actually hides the leak though, because it
must eventually fall back to using the RNG if all the bytes of the
ephemeral are already in use as indices. Maybe maybe that's
acceptable? Need to think about this more...
More information about the Noise
mailing list