On 8/26/21 at 6:01 PM, m...@lowentropy.net (Martin Thomson) wrote:
> That Signal was hard is interesting, but I don't think that the
> authors were sufficiently creative. They say "these
> low-bandwidth attacks cannot be used to leak the short-term,
> ephemeral keys", but I don't think that is true at all. I'll
> leave it as an exercise for the reader, but I believe it to be
> trivial to have all keying material available to the observer
> if an endpoint is cooperative.
And remember, you don't have to exfiltrate the whole key to make
the exhaustive search problem much easier.
Cheers - Bill
-------------------------------------------------------------------------
Bill Frantz        | The first thing you need when  | Periwinkle
(408)348-7900      | using a perimeter defense is a | 150 Rivermead Rd #235
www.pwpconsult.com | perimeter.                     | Peterborough, NH 03458
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls