[noise] Oxy: now using Noise
Justin Cormack
justin at specialbusservice.com
Sat Jun 30 05:01:55 PDT 2018
If you have the server private key in future you can read the client
public key. The
psk does not change this, it is after the public key, presumably as it
is dependent
on the key, ie different psk per client. Any threat model that has the
private key
presumably has the psk too. If you use XK instead then you are also protected
by the ephemeral DH which comes before the public key exchange. I don't know
how much they would think the extra latency matters, you could open an issue to
discuss.
On 30 June 2018 at 12:26, dawuud <dawuud at riseup.net> wrote:
>
> Sure it depends on the threat model as does everthing, always.
> Privacy enhancing technology is my jam... and so is making people
> more aware of these important issues in our day of mass surveillance.
>
> It is my understanding that if an adversary passively records these
> IK interactions they can later determine which clients made the connection
> if they gain access to the server's private key. The PSK1 modifier
> does nothing to protect against this, correct?
>
>
> On Sat, Jun 30, 2018 at 12:06:21PM +0100, Justin Cormack wrote:
>> It depends on your threat model; I think the Noise docs are very clear
>> about IK having reduced privacy hiding vs XK as the public
>> key is sent sooner, at a cost of slower handshakes for X vs I. I can't
>> find any docs for Oxy so I don't know what their design
>> requirements are.
>>
>> On 29 June 2018 at 05:21, dawuud <dawuud at riseup.net> wrote:
>> >
>> > I looked and it uses Noise_IKpsk1_25519_AESGCM_SHA512.
>> > Doesn't this mean that it has the same privacy problem as wireguard
>> > that we discussed earlier?
>> >
>> > On Fri, Jun 29, 2018 at 12:48:59AM +0100, Tony Arcieri wrote:
>> >> Oxy is a Rust-based SSH alternative which has been getting some attention
>> >> lately.
>> >>
>> >> It previously used a bespoke transport encryption protocol but has just now
>> >> switched to Noise:
>> >>
>> >> https://github.com/oxy-secure/oxy/pull/130
>> >>
>> >> --
>> >> Tony Arcieri
>> >
>> >> _______________________________________________
>> >> Noise mailing list
>> >> Noise at moderncrypto.org
>> >> https://moderncrypto.org/mailman/listinfo/noise
>> >
>> >
>> > _______________________________________________
>> > Noise mailing list
>> > Noise at moderncrypto.org
>> > https://moderncrypto.org/mailman/listinfo/noise
>> >
More information about the Noise
mailing list