Re: [GNUnet-developers] key exchanges [updated, resend]

From: Jeff Burdges
Subject: Re: [GNUnet-developers] key exchanges [updated, resend]
Date: Fri, 28 Aug 2015 16:28:59 +0200


I should probably read the chosen protocol attack paper, not sure I
understand it, but..

In Protocol 6, there are HMACs with a protocol identifier K in the first
and second message, presumably making them both commit to the protocol
choice early, thus limiting port scanning.

In trip 1, Alice reveals the protocol K she speaks to Bob.  As I
understand it, everyone knows K; that's problematic in countries like
Russia that outlaw many protocols.  I suppose Bob could ask to change
the protocol choice in trip 2, but that's equally problematic.

If one or both should commit early to the protocol, then maybe a better
approach is: trips 1 and 2 could contain (x, KDF(r,K,x)) where x = a_p
and b_p, respectively, and then reveal (r,K) in trips 3 & 4.


P.S.  Are you using an HMAC here because an HMAC can use a faster hash
function than SHA512?

Attachment: signature.asc
Description: This is a digitally signed message part
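
The commit-then-reveal idea in the message above (send (x, KDF(r,K,x)) in trips 1 and 2, reveal (r,K) in trips 3 and 4), as an added example that is not part of the original post or of GNUnet's code. HMAC-SHA256 as the KDF, the 32-byte r, the protocol names and the random stand-ins for a_p and b_p are assumptions.

```python
import hashlib
import hmac
import secrets

def kdf(r: bytes, K: bytes, x: bytes) -> bytes:
    """Stand-in for KDF(r, K, x) (assumption): HMAC-SHA256 keyed with r."""
    if len(r) != 32:  # fixed length avoids HMAC's long-key hashing ambiguity
        raise ValueError("r must be 32 bytes")
    # Length-prefix K so the boundary between K and x is unambiguous.
    msg = len(K).to_bytes(2, "big") + K + x
    return hmac.new(r, msg, hashlib.sha256).digest()

def commit(K: bytes, x: bytes):
    """Build the trip 1/2 message (x, KDF(r,K,x)) and the later reveal (r, K)."""
    r = secrets.token_bytes(32)
    return (x, kdf(r, K, x)), (r, K)

def check_reveal(first_msg, reveal, expected_K: bytes) -> bool:
    """Trip 3/4 check: the reveal must open the earlier commitment to expected_K."""
    x, c = first_msg
    r, K = reveal
    if len(r) != 32:
        return False
    return hmac.compare_digest(c, kdf(r, K, x)) and hmac.compare_digest(K, expected_K)

def observer_identifies(first_msg, known_protocols):
    """Passive observer of trips 1/2 tests each public K; lacking r, it can only guess r."""
    x, c = first_msg
    for K in known_protocols:
        if hmac.compare_digest(c, kdf(bytes(32), K, x)):  # guessed r = all zeros
            return K
    return None

def demo():
    K, other = b"example-protocol", b"other-protocol"   # constructed identifiers
    a_p, b_p = secrets.token_bytes(32), secrets.token_bytes(32)  # stand-in public values
    trip1, reveal_a = commit(K, a_p)   # Alice -> Bob
    trip2, reveal_b = commit(K, b_p)   # Bob -> Alice
    swapped = (reveal_a[0], other)     # Alice tries to change protocol after trip 1
    return (check_reveal(trip1, reveal_a, K),      # honest reveal opens
            check_reveal(trip2, reveal_b, K),
            check_reveal(trip1, swapped, other),   # binding: cannot reopen to another K
            observer_identifies(trip1, [K, other]))  # hiding: K not confirmable without r

if __name__ == "__main__":
    print(demo())
```
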
