[noise] encrypted nonce / udp packet number
Marian Beermann
public at enkore.de
Sat Jul 21 02:42:31 PDT 2018
On 21.07.2018 02:51, Rhys Weatherley wrote:
> I don't know enough about QUIC to know if this really helps. If QUIC
> packet numbers are generated in increasing order from the start of the
> session, then guessing what they are under the encryption layer plus or
> minus some delta shouldn't be hard. Is the packet number encryption
> actually helping? Dunno.
... if it's just for obfuscation, then using a block cipher as a
permutation over these packet numbers would work fine, too (even for 64
bit numbers). Unlike CTR you don't need to make up a CTR nonce, and
unlike some paddings you'd get minimal overhead.
-Marian
More information about the Noise
mailing list