[noise] post-handshake authentication

Trevor Perrin trevp at trevp.net
Wed Jun 20 19:21:43 PDT 2018


On Wed, Jun 20, 2018 at 4:16 PM, David Wong <davidwong.crypto at gmail.com> wrote:
> Hello hello,
>
> I've been thinking about doing a post-handshake authentication pattern
> via Noise_NN, but the only API I have is GetHandshakeHash() which
> gives out something based on `h` and not on `ck`. Ideally I would want
> both endpoints to have an exportFingerprint() function that would
> generate a different fingerprint based on the initiator or the
> responder. Then the other peer would "activate" the CipherStates
> created by Split() by entering that fingerprint (obtained out-of-band)
> in authenticateSession() or something.
>
> I want different fingerprints per endpoint because I do not want a
> peer to export the secret himself and then active the session by using
> the fingerprint HE generated.

I don't quite follow the protocol.  But what you're asking for seems
similar to the ASK / Additional Symmetric Keys mechanism that we're
discussing in the "Resumption PSKs" thread?


> Additionally, has anyone thought about integrating a
> short-authentication-string protocol with Noise? Sometimes it's not
> practical to share a "long" fingerprint out of band (e.g. embedded
> device flashes a number of leds as the SAS)

Rhys and I thought a little about that last year:

https://moderncrypto.org/mail-archive/noise/2017/001170.html

But we didn't get very far.  Would be fun to push that forward
sometime, particularly if someone has a real use case.

Trevor


More information about the Noise mailing list