[noise] Pattern validity questions
trevp at trevp.net
Sun May 14 13:11:53 PDT 2017
On Sun, May 14, 2017 at 8:06 PM, Alex <alex at centromere.net> wrote:
> Noise_IK(s, rs):
> <- s
> -> e, es, s, ss
> <- e, ee, se
> it is valid for the initiator to send encrypted data in the payload of
> its first Noise message, *only* because of the presence of the `es`
> token, correct? In other words, had that token not been there, it would
> be an invalid pattern?
Right - without the es, the static key derived from ss would be used
repeatedly for encryption, without randomization, which is
catastrophic for security.
More information about the Noise