On 12/15/2017 02:39 PM, Luca Boccassi wrote:
As far as I remember (haven't looked at the code in a good while) the session keys are not derived from the public keys.
Not derived from, but the key exchange used to arrived as a secret that an observer can't infer is dependent on the keys being secret from an observer.
I'm worried the math the does that hiding might break if both sides use the same keys.
Seems not to be an immediate concern, I won't be adding encryption right away, and if I later do, I can probably use unique keys throughout the system just to be safe.
Mortals should not design cryptography, and something so odd as doing a D-H key exchange with oneself (effectively what I am considering) is probably dangerous.
Thanks, -kb _______________________________________________ zeromq-dev mailing list [email protected] https://lists.zeromq.org/mailman/listinfo/zeromq-dev
