On 2013-10-10 (283), at 15:29:33, Stephen Farrell <[email protected]> wrote:
>> On 10 Oct 2013, at 17:06, John Kelsey <[email protected]> wrote:
>>
>> Just thinking out loud....
>> [....]
>> c. Both sides derive the shared key abG, and then use SHAKE512(abG) to
>> generate an AES key for messages in each direction.

How does this prevent MITM? Where does G come from?

I'm also leery of using literally the same key in both directions. Maybe a simple transform would suffice; maybe not.

>> d. Each side keeps a sequence number to use as a nonce. Both sides use
>> AES-CCM with their sequence number and their sending key, and keep track of
>> the sequence number of the most recent message received from the other side.

If the same key is used, there needs to be a simple way of ensuring the sequence numbers can never overlap each other.

_______________________________________________
The cryptography mailing list
[email protected]
http://www.metzdowd.com/mailman/listinfo/cryptography
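The two transport-layer concerns raised above (one key for both directions, and sequence-number nonces that could overlap under a shared key) can be shown concretely. The following is an added illustration written for this page; it is not code from either poster and it does not implement the proposed protocol. It assumes SHAKE256 in place of the "SHAKE512" named in the post (Python's hashlib offers shake_128 and shake_256 only), a hypothetical 12-byte nonce layout of one direction byte followed by an 11-byte big-endian counter, and a constructed shared secret standing in for abG. AES-CCM itself is not exercised; the point is the key separation and the nonce-space partitioning that must hold before any AEAD is applied.

```python
import hashlib

NONCE_LEN = 12          # assumed CCM nonce length for this illustration
SEQ_BYTES = NONCE_LEN - 1
SEQ_LIMIT = 1 << (8 * SEQ_BYTES)

# Constructed stand-in for the Diffie-Hellman shared secret abG (not a real value).
SHARED_SECRET = hashlib.sha256(b"constructed abG for illustration").digest()


def derive_directional_keys(shared_secret: bytes) -> tuple[bytes, bytes]:
    """Derive two distinct 256-bit keys from one shared secret.

    This is the "simple transform" idea: feed a direction label into the XOF
    alongside the secret so each direction gets its own AES key instead of
    both sides using literally the same key.
    """
    k_a_to_b = hashlib.shake_256(shared_secret + b"A->B").digest(32)
    k_b_to_a = hashlib.shake_256(shared_secret + b"B->A").digest(32)
    return k_a_to_b, k_b_to_a


def naive_nonce(seq: int) -> bytes:
    """Nonce built only from the sender's sequence number (no direction tag)."""
    return seq.to_bytes(NONCE_LEN, "big")


def partitioned_nonce(direction: int, seq: int) -> bytes:
    """Nonce = direction byte || counter. Different direction bytes guarantee
    the two senders' nonces can never coincide, even under a shared key.
    Refuses to wrap the counter: reuse of (key, nonce) under CCM is fatal."""
    if direction not in (0, 1):
        raise ValueError("direction must be 0 or 1")
    if not 0 <= seq < SEQ_LIMIT:
        raise ValueError("sequence number exhausted; rekey before continuing")
    return bytes([direction]) + seq.to_bytes(SEQ_BYTES, "big")


def nonces_overlap(sender_a: list[bytes], sender_b: list[bytes]) -> bool:
    """True if any nonce value is emitted by both senders."""
    return not set(sender_a).isdisjoint(sender_b)


class Receiver:
    """Tracks the highest sequence number accepted from the peer and rejects
    anything at or below it (replays and reordered duplicates)."""

    def __init__(self) -> None:
        self.highest_seen = -1

    def accept(self, seq: int) -> bool:
        if seq <= self.highest_seen:
            return False
        self.highest_seen = seq
        return True


def demo(n_messages: int = 64) -> dict:
    """Compare the naive and partitioned nonce schemes over a message run."""
    k_ab, k_ba = derive_directional_keys(SHARED_SECRET)
    naive_a = [naive_nonce(i) for i in range(n_messages)]
    naive_b = [naive_nonce(i) for i in range(n_messages)]
    part_a = [partitioned_nonce(0, i) for i in range(n_messages)]
    part_b = [partitioned_nonce(1, i) for i in range(n_messages)]
    rx = Receiver()
    decisions = [rx.accept(s) for s in (0, 1, 2, 1, 3)]
    return {
        "keys_distinct": k_ab != k_ba,
        "naive_overlaps": nonces_overlap(naive_a, naive_b),
        "partitioned_overlaps": nonces_overlap(part_a, part_b),
        "receiver_decisions": decisions,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

With both sides starting their counters at zero and no direction tag, the naive scheme produces identical nonce values on each side from the very first message, which is exactly the overlap the reply warns about under a shared key; reserving one nonce byte per direction (or, equivalently, deriving per-direction keys) removes the possibility rather than relying on the counters never meeting.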
