Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Too much nested hashing? #11

Open
AljoschaMeyer opened this issue Jun 4, 2017 · 1 comment
Open

Too much nested hashing? #11

AljoschaMeyer opened this issue Jun 4, 2017 · 1 comment

Comments

@AljoschaMeyer
Copy link
Contributor

In clientVerifyAuth(), state.secret3 is set to hash(K | a_s * b_p | a_s * B_p | A_s * b_p). The final, negotiated encryption key is later computed as hash(hash(hash(K | a_s * b_p | a_s * B_p | A_s * b_p)) | B_p) (analogously for the decryption key).

Why isn't the encryption key simply hash(hash(K | a_s * b_p | a_s * B_p | A_s * b_p) | B_p)? Is there a reason for rehashing secret3, or is this a mistake?
@dominictarr
Copy link
Collaborator

that is so the application (i.e. pull-box-stream) never knows the internal secrets used in the handshake.

secret3 is used to encrypt the serverAccept https://github.com/auditdrivencrypto/secret-handshake/blob/master/crypto.js#L141 so hashing that again means it doesn't get used again.

keep in mind that sha256 is at least 60 times faster than 1 asymmerical operation https://github.com/dominictarr/sodiumperf/blob/master/results/bindings.txt since each side does 3 scalar_mult's a sign and a verify, it would take a lot more hashes before we'd actually notice any perf

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dominictarr @AljoschaMeyer