Hi BU,
bustao...@cryptolounge.net wrote:
> Perhaps my question is related to Michaels question, but above removing A, X,
> Y and server ID leaves the possibility of a person-in-the-middle who by
> manipulating public keys (resend 2A, instead of A, 2X instead of X, 2Y instead
> of Y) can force two
Quoting isis agora lovecruft :
Hello,
After discussion with John Schanck and Trevor Perrin over the last month,
we've decided to make some alterations to the specification for hybrid
handshakes in Tor proposal #269.
It seems that John, Trevor, and I are mostly in agreement about most
of the c
Hi Michael,
Michael Rogers wrote:
> If we're concerned with the server choosing its public material in such
> a way as to bias the entropy extraction, does that mean that in this
> case, the attacker is the server, and therefore the server's public
> material shouldn't be included in the salt?
In
On 14/10/16 22:45, isis agora lovecruft wrote:
> 1. [NTOR] Inputs to HKDF-extract(SALT, SECRET) which are not secret
> (e.g. server identity ID, and public keys A, X, Y) are now removed from
> SECRET and instead placed in the SALT.
>
> Reasoning: *Only* secret data should be placed in
On Fri, Oct 14, 2016 at 2:45 PM, isis agora lovecruft
wrote:
>
> After discussion with John Schanck and Trevor Perrin over the last month,
> we've decided to make some alterations to the specification for hybrid
> handshakes in Tor proposal #269.
>
> It seems that John, Trevor, and I are mostly in
Hello,
After discussion with John Schanck and Trevor Perrin over the last month,
we've decided to make some alterations to the specification for hybrid
handshakes in Tor proposal #269.
It seems that John, Trevor, and I are mostly in agreement about most
of the construction.
First, I'll try to su