[noise] Reworking PSK usage
Jason A. Donenfeld
Jason at zx2c4.com
Wed May 3 06:41:47 PDT 2017
Hi Trevor,

On Tue, May 2, 2017 at 10:50 PM, Trevor Perrin <trevp at trevp.net> wrote:
> On Tue, May 2, 2017 at 7:56 PM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
>> Actually, my suggestion and what I placed in that pull request is:
>>
>> MixKeyAndHash(psk):
>> ck, temp, k = HKDF(ck, psk)
>> MixHash(temp)
>>
>> The reason is that there are cases in which k is overwritten again without
>> being used.
>
> That makes sense - h is always used after every token, but sometimes k isn't.

Great, okay. So this is what we shall use then.

Since this is a pretty late-stage change for WireGuard, I'm anxious to
transition to this ASAP, since implementations are propagating. Have
any rough ideas when you think rev32 will be ready for pushing? Before
I cut the latest WireGuard snapshot (which usually happens once a week
or every other week), I'd like to at least verify compatibility with
another person's noise implementation, which means waiting for
somebody to update one, which means rev32.
Jason