[noise] Reworking PSK usage

Trevor Perrin trevp at trevp.net
Wed May 3 10:55:38 PDT 2017

On Wed, May 3, 2017 at 1:41 PM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> Hi Trevor,
> On Tue, May 2, 2017 at 10:50 PM, Trevor Perrin <trevp at trevp.net> wrote:
>> On Tue, May 2, 2017 at 7:56 PM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
>>> Actually, my suggestion and what I placed in that pull request is:
>>> MixKeyAndHash(psk):
>>>   ck, temp, k = HKDF(ck, psk)
>>>   MixHash(temp)
>>> The reason is that there are cases in which k is overwritten again without
>>> being used.
>> That makes sense - h is always used after every token, but sometimes k isn't.
> Great, okay. So this is what we shall use then.
> Since this is a pretty late-stage change for WireGuard, I'm anxious to
> transition to this ASAP, since implementations are propagating. Have
> any rough ideas when you think rev32 will be ready for pushing?

I'll try to update the rev32 branch today or tomorrow.  I'd like more
feedback, but hopefully we can publish revision 32 next week, since
rev32 contains a bunch of good text cleanups that I'd like to get out


More information about the Noise mailing list