[noise] Reworking PSK usage

Jason A. Donenfeld Jason at zx2c4.com
Wed May 3 06:41:47 PDT 2017

Hi Trevor,

On Tue, May 2, 2017 at 10:50 PM, Trevor Perrin <trevp at trevp.net> wrote:
> On Tue, May 2, 2017 at 7:56 PM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
>> Actually, my suggestion and what I placed in that pull request is:
>> MixKeyAndHash(psk):
>>   ck, temp, k = HKDF(ck, psk)
>>   MixHash(temp)
>> The reason is that there are cases in which k is overwritten again without
>> being used.
> That makes sense - h is always used after every token, but sometimes k isn't.

Great, okay. So this is what we shall use then.

Since this is a pretty late-stage change for WireGuard, I'm anxious to
transition to this ASAP, since implementations are propagating. Have
any rough ideas when you think rev32 will be ready for pushing? Before
I cut the latest WireGuard snapshot (which usually happen once a week
or every other week), I'd like to at least verify compatibility with
another person's noise implementation, which means waiting for
somebody to update one, which means rev32.


More information about the Noise mailing list