@eyedeekay
+R4SAS
+RN
+RN_
+T3s|4
+Xeha
+not_bob
+orignal
+weko
Irc2PGuest21083
Irc2PGuest86132
Onn4l7h
Onn4|7h
T3s|4_
aargh2
anon4
eyedeekay_bnc
hk
profetikla
shiver_
u5657
x74a6
weko
New record: 20700 transit tunnels
weko
Tomorrow was
dr|z3d
\o/
weko
i2pd's limit maximum: 65535 (16 bit variable), 1/3
zzz
no, we didn't bother
zzz
the one we did for ratchet was a lot of work and probably a waste of time
zzz
4 billion packets is a lot... if we want to rekey earlier, I guess it depends on the threat model?
zzz
how long before a MitM can figure out the key?
zzz
better fix for that: agree in the handshake what the starting n is, like in TCP - don't always start at 0
zzz
I thought about that but figured it was too complicated
zzz
but we could add it later if we want
orignal
theat model is if an advesary obtains session key
orignal
and it should not work for whole session
zzz
yeah but how did they get session key? NSA collecting traffic and supercomputers? or local compromise of computer memory?
orignal
idk
orignal
by having an access to your memory for example
orignal
it's more conceptual question
orignal
like "what if..."
zzz
right, but if they have access to your memory, it's game over, nothing we can do
zzz
if it's the NSA and supercomputers, we can make it 2**32 harder by not starting n = 0
orignal
they might not have an access all the time
zzz
do you zero-out your session keys in memory when session is done?
orignal
good question
zzz
we do :) do that first, for all protocols, not just transport
orignal
even if I didn't I will
orignal
yes
zzz
and especially zero out the DH result right away, after you do the KDF
orignal
time to do it
zzz
our noise lib has a HandshakeState.destroy() that kills everything:
zzz
public void destroy() {
zzz
if (symmetric != null)
zzz
symmetric.destroy();
zzz
if (localKeyPair != null)
zzz
localKeyPair.destroy();
zzz
if (localEphemeral != null)
zzz
localEphemeral.destroy();
zzz
if (remotePublicKey != null)
zzz
remotePublicKey.destroy();
zzz
if (remoteEphemeral != null)
zzz
remoteEphemeral.destroy();
zzz
}
orignal
yes I know how to do it
zzz
:)
zzz
I will take a look also, we probably missed some spots
orignal
just need to implement derived class with destructor
orignal
just didn't have time to take care about it
dr|z3d
orignal: still LS funk on irc.postman?