#ls2 (irc2p) | #ls2 I2P Protocol Development Discussion - Next Meeting Monday, October 9th 6:30 UTC

#ls2

/2023/01/25

Online: 22

@eyedeekay

+R4SAS

+RN

+RN_

+Xeha

+orignal

FreeRider

Irc2PGuest22478

Irc2PGuest48042

Onn4l7h

Onn4|7h

T3s|4_

aargh3

acetone_

anon4

eyedeekay_bnc

not_bob_afk

profetikla

shiver_1

u5657

weko_

x74a6

weko New record: 20700 transit tunnels

weko Tomorrow was

dr|z3d \o/

weko i2pd's limit maximum: 65535 (16 bit variable), 1/3

zzz no, we didn't bother

zzz the one we did for ratchet was a lot of work and probably a waste of time

zzz 4 billion packets is a lot... if we want to rekey earlier, I guess it depends on the threat model?

zzz how long before a MitM can figure out the key?

zzz better fix for that: agree in the handshake what the starting n is, like in TCP - don't always start at 0

zzz I thought about that but figured it was too complicated

zzz but we could add it later if we want

orignal theat model is if an advesary obtains session key

orignal and it should not work for whole session

zzz yeah but how did they get session key? NSA collecting traffic and supercomputers? or local compromise of computer memory?

orignal idk

orignal by having an access to your memory for example

orignal it's more conceptual question

orignal like "what if..."

zzz right, but if they have access to your memory, it's game over, nothing we can do

zzz if it's the NSA and supercomputers, we can make it 2**32 harder by not starting n = 0

orignal they might not have an access all the time

zzz do you zero-out your session keys in memory when session is done?

orignal good question

zzz we do :) do that first, for all protocols, not just transport

orignal even if I didn't I will

orignal yes

zzz and especially zero out the DH result right away, after you do the KDF

orignal time to do it

zzz our noise lib has a HandshakeState.destroy() that kills everything:

zzz public void destroy() {

zzz if (symmetric != null)

zzz symmetric.destroy();

zzz if (localKeyPair != null)

zzz localKeyPair.destroy();

zzz if (localEphemeral != null)

zzz localEphemeral.destroy();

zzz if (remotePublicKey != null)

zzz remotePublicKey.destroy();

zzz if (remoteEphemeral != null)

zzz remoteEphemeral.destroy();

zzz }

orignal yes I know how to do it

zzz :)

zzz I will take a look also, we probably missed some spots

orignal just need to implement derived class with destructor

orignal just didn't have time to take care about it

dr|z3d orignal: still LS funk on irc.postman?