[noise] Noise Explorer

Justin Cormack justin at specialbusservice.com
Wed May 23 09:16:58 PDT 2018


On 23 May 2018 at 17:02, Trevor Perrin <trevp at trevp.net> wrote:
> The "tokenless" messages were just used in security tables to indicate
> cases where the sender's post-handshake messages have different
> security properties than their last handshake message.
>
> In theory you could work this out automatically, e.g. by
> experimentally adding tokenless messages, re-running your process, and
> if you get any different results with "tokenless" messages then you'd
> display them.

This looks nice!

I think the deferred ones all need at least as many tokenless lines as the
standard ones; actually I think they may need more in some cases as the
earlier handshakes are weaker due to the deferal. So it would be nice to
see these.

Also, can you explain the attack where there is the comment
"However, if the responder carries out a separate session with a separate,
compromised initiator, this other session can be used to forge the authenticity
of this message with this session's initiator." - not quite clear how
this works...

Justin


More information about the Noise mailing list