I'm reviewing the latest work on the packetFormat branch. Will give more detailed feedback shortly, but key issues:
The crypto is based on the packet sequence number, therefore afaics packet numbers must not wrap. The obvious solution is to ensure we rekey before this happens, and kill the connection if the rekey fails. A complex alternative would be to have a second counter, maybe going all the way up to the 32 bytes, which we could increment every time we wrap, and would not be sent with the packets.

Wrapping message numbers are somewhat safer. Provided the packet window is limited - which it is - replays are not likely to be a problem, because we won't wrap message numbers within a packet window. This should be documented, and maybe checked.
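
Added example, not part of the original message and not Freenet's code: a sketch of the rekey-before-wrap rule for packet numbers and of the window check for message numbers described above. The 32-bit packet number width, the rekey margin, retrying the rekey on each send until the hard limit, the per-packet message bound and all names are assumptions.

```python
# Added example; every name and size here is an assumption, not Freenet's code.
SEQ_BITS = 32                      # assumed width of the on-wire packet number
SEQ_LIMIT = 1 << SEQ_BITS          # first value that would wrap
REKEY_AT = SEQ_LIMIT - (1 << 20)   # assumed margin: start rekeying this early


class ConnectionKilled(Exception):
    """The session is dropped rather than reusing a packet number under one key."""


class PacketNumberGuard:
    def __init__(self, rekey, limit=SEQ_LIMIT, rekey_at=REKEY_AT):
        self._rekey = rekey        # callable; returns True once a new key is installed
        self._limit = limit
        self._rekey_at = rekey_at
        self._next = 0
        self.key_epoch = 0         # counts successful rekeys
        self.alive = True

    def next_packet_number(self):
        if not self.alive:
            raise ConnectionKilled("connection already closed")
        # Past the threshold, try to rekey on every send until it succeeds.
        if self._next >= self._rekey_at and self._rekey():
            self._next = 0         # fresh key, so packet numbers may start over
            self.key_epoch += 1
        # Hard stop: a wrapped number would repeat crypto input under the old key.
        if self._next >= self._limit:
            self.alive = False
            raise ConnectionKilled("packet numbers exhausted and rekey failed")
        n = self._next
        self._next += 1
        return n


def window_is_wrap_safe(window_packets, max_msgs_per_packet, msg_bits):
    """True if message numbers cannot repeat inside one packet window.

    The most messages that can be outstanding in one window must stay
    below the size of the message number space.
    """
    return window_packets * max_msgs_per_packet < (1 << msg_bits)
```
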