Hi Ethan
>> It is important to include the cipher-type into the symmetric cipher key to >> avoid weak-cipher-attacks. > > the cipher-type here refers to the ECDH negotiation parameters? No. Not to the ECDH negotiation. BIP151 specifies a flexible symmetric key cipher type negotiation, although, BIP151 only specifies chacha20-poly1...@openssh.com. Lets assume someone adds another symmetric cipher type after BIP151 has been deployed which has less strong security properties then chacha20-poly1305. If we don't include the ciphersuite-type in the key derivation HMAC, an attacker/MITM could in theory force both nodes to use the weaker symmetric cipher type. </jonas>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ bitcoin-dev mailing list bitcoin-dev@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
