#ls2
/2023/01/25
weko New record: 20700 transit tunnels
weko Tomorrow was
weko i2pd's limit maximum: 65535 (16 bit variable), 1/3
zzz no, we didn't bother
zzz the one we did for ratchet was a lot of work and probably a waste of time
zzz 4 billion packets is a lot... if we want to rekey earlier, I guess it depends on the threat model?
zzz how long before a MitM can figure out the key?
zzz better fix for that: agree in the handshake what the starting n is, like in TCP - don't always start at 0
zzz I thought about that but figured it was too complicated
zzz but we could add it later if we want
orignal threat model is if an adversary obtains session key
orignal and it should not work for whole session
zzz yeah but how did they get session key? NSA collecting traffic and supercomputers? or local compromise of computer memory?
orignal by having access to your memory for example
orignal it's more a conceptual question
orignal like "what if..."
zzz right, but if they have access to your memory, it's game over, nothing we can do
zzz if it's the NSA and supercomputers, we can make it 2**32 harder by not starting n = 0
orignal they might not have access all the time
zzz do you zero-out your session keys in memory when session is done?
orignal good question
zzz we do :) do that first, for all protocols, not just transport
orignal even if I didn't I will
zzz and especially zero out the DH result right away, after you do the KDF
orignal time to do it
zzz our noise lib has a HandshakeState.destroy() that kills everything:
zzz public void destroy() {
zzz if (symmetric != null)
zzz symmetric.destroy();
zzz if (localKeyPair != null)
zzz localKeyPair.destroy();
zzz if (localEphemeral != null)
zzz localEphemeral.destroy();
zzz if (remotePublicKey != null)
zzz remotePublicKey.destroy();
zzz if (remoteEphemeral != null)
zzz remoteEphemeral.destroy();
orignal yes I know how to do it
zzz I will take a look also, we probably missed some spots
orignal just need to implement derived class with destructor
orignal just didn't have time to take care of it
dr|z3d orignal: still LS funk on irc.postman?