Anthony Towns [ARCHIVE] on Nostr: 📅 Original date posted:2015-10-21 📝 Original message: On Wed, Oct 21, 2015 at ...
On Wed, Oct 21, 2015 at 11:41:45AM +1030, Rusty Russell wrote:
> Having a session nonce does help after first handshake, though it allows
> correlation, so it needs to change (pretty trivial, it could just be
> sha256() of some shared secret plus a number which increments on each
> successful handshake).

Can just be the first 4-8 bytes of that too (leaving the next 4-28 bytes
to be the secret response in the signature). ECDH of the node ids would
be the obvious shared secret to use as a base?

> In practice I think "successful handshake" is a bit vague, so may
> require allowing +/- 1 nonce. I'd have to think harder about this
> though.
> Is this overcomplicating things?

While nodes are publishing their ids (and IPs -- even if only by /whois)
in a public IRC channel, I don't think a nonce does any good -- the info
it's trying to avoid revealing is already being revealed anyway. So I
think table this for now?

Cheers,
aj
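The scheme sketched in the exchange above (sha256 of a shared secret plus a per-handshake counter, first 8 bytes used as the nonce, the rest as the secret response, with +/-1 counter slack on acceptance), as an added illustration that is not code from the thread or from any Lightning implementation. The ECDH shared secret is replaced by a constructed placeholder so the block runs offline; `NonceTracker`, `derive` and the 8-byte split are assumptions of this example.

```python
import hashlib
import hmac
import struct

# Constructed stand-in for the ECDH output between two node ids; a real
# implementation would compute it from the peers' keys.
SHARED_SECRET = hashlib.sha256(b"constructed ecdh shared secret").digest()

NONCE_LEN = 8  # public nonce takes the first 8 of the 32 digest bytes


def derive(shared_secret, counter):
    """sha256(shared_secret || counter): the leading bytes are the nonce sent
    in the clear, the remaining bytes are the secret response the peer must
    show it knows. A fresh counter yields an unrelated nonce, so an observer
    without the secret cannot link two handshakes by their nonces."""
    digest = hashlib.sha256(shared_secret + struct.pack(">Q", counter)).digest()
    return digest[:NONCE_LEN], digest[NONCE_LEN:]


class NonceTracker:
    """One side's view of the handshake counter. Accepts a peer nonce derived
    from counter-1, counter or counter+1, the +/-1 slack suggested for the
    fuzzy 'successful handshake' boundary, then resynchronises."""

    def __init__(self, shared_secret, counter=0):
        self.secret = shared_secret
        self.counter = counter

    def expected_nonces(self):
        window = (self.counter - 1, self.counter, self.counter + 1)
        return {k: derive(self.secret, k)[0] for k in window if k >= 0}

    def accept(self, nonce):
        """Return the counter the nonce matches, or None if outside the window.
        Comparisons are constant-time so timing does not leak which candidate
        was close."""
        for k, candidate in self.expected_nonces().items():
            if hmac.compare_digest(candidate, nonce):
                self.counter = k + 1  # move past the handshake just accepted
                return k
        return None


if __name__ == "__main__":
    # Peer A believes the next handshake is number 3; B lags by one.
    a_nonce, a_response = derive(SHARED_SECRET, 3)
    b = NonceTracker(SHARED_SECRET, counter=2)
    print("B matched counter", b.accept(a_nonce), "and is now at", b.counter)
    print("stale nonce accepted?", b.accept(derive(SHARED_SECRET, 0)[0]))
```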