Hi BU,
bustao...@cryptolounge.net wrote:
> Perhaps my question is related to Michael's question, but above removing A, X,
> Y and server ID leaves the possibility of a person-in-the-middle who by
> manipulating public keys (resend 2A, instead of A, 2X instead of X, 2Y instead
> of Y) can force two
Quoting isis agora lovecruft:
Hello,
After discussion with John Schanck and Trevor Perrin over the last month,
we've decided to make some alterations to the specification for hybrid
handshakes in Tor proposal #269.
It seems that John, Trevor, and I are mostly in
Hi Michael,
Michael Rogers wrote:
> If we're concerned with the server choosing its public material in such
> a way as to bias the entropy extraction, does that mean that in this
> case, the attacker is the server, and therefore the server's public
> material shouldn't be included in the salt?
On 14/10/16 22:45, isis agora lovecruft wrote:
> 1. [NTOR] Inputs to HKDF-extract(SALT, SECRET) which are not secret
> (e.g. server identity ID, and public keys A, X, Y) are now removed from
> SECRET and instead placed in the SALT.
>
> Reasoning: *Only* secret data should be placed
On Fri, Oct 14, 2016 at 2:45 PM, isis agora lovecruft wrote:
>
> After discussion with John Schanck and Trevor Perrin over the last month,
> we've decided to make some alterations to the specification for hybrid
> handshakes in Tor proposal #269.
>
> It seems that John,