[noise] Pattern validity questions
Alex
alex at centromere.net
Sun May 14 13:36:09 PDT 2017
On Sun, 14 May 2017 20:11:53 +0000
Trevor Perrin <trevp at trevp.net> wrote:
> On Sun, May 14, 2017 at 8:06 PM, Alex <alex at centromere.net> wrote:
> >
> > Noise_IK(s, rs):
> > <- s
> > ...
> > -> e, es, s, ss
> > <- e, ee, se
> >
> > it is valid for the initiator to send encrypted data in the payload
> > of its first Noise message, *only* because of the presence of the
> > `es` token, correct? In other words, had that token not been there,
> > it would be an invalid pattern?
>
> Right - without the es, the static key derived from ss would be used
> repeatedly for encryption, without randomization, which is
> catastrophic for security.
>
Great, thanks for clarifying.
--
Alex
More information about the Noise
mailing list