[noise] wire guard handshake properties?
dawuud
dawuud at riseup.net
Fri Jun 8 11:46:39 PDT 2018
> I think what you pointed out is correct. If you don’t have access to the
> private key of either the responder s or initiator e then you can’t see the
> initiator s.
OK, thanks for the confirmation.
> So I’m not sure what your friend had in mind
Yeah I am also not sure what my friend meant because it clearly
requires only knowledge of the client's public key and the server's
private key. Perhaps powerful state adversaries perform this
retroactive identification attack.
I would recommend against using this and other similar handshake patterns for
the above reason.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20180608/2eb5ce3b/attachment.sig>
More information about the Noise
mailing list