Return-Path: <dev@jonasschnelli.ch>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id DA975258
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed, 29 Jun 2016 18:46:04 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from server3 (server3.include7.ch [144.76.194.38])
	by smtp1.linuxfoundation.org (Postfix) with ESMTP id AD675179
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Wed, 29 Jun 2016 18:46:03 +0000 (UTC)
Received: by server3 (Postfix, from userid 115)
	id CF24D2E60538; Wed, 29 Jun 2016 20:46:02 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, FSL_HELO_NON_FQDN_1
	autolearn=ham version=3.3.1
Received: from Jonass-MacBook-Pro-2.local (cable-static-140-182.teleport.ch
	[87.102.140.182]) by server3 (Postfix) with ESMTPSA id 23CFF2D0028C;
	Wed, 29 Jun 2016 20:46:02 +0200 (CEST)
To: bitcoin-dev@lists.linuxfoundation.org, eth3rs@gmail.com
References: <87h9cecad5.fsf@rustcorp.com.au>
	<577224E8.6070307@jonasschnelli.ch> <8760ssdd1u.fsf@rustcorp.com.au>
	<CAEM=y+XKQZVz6UieB-nDy_C9xTmXiBB3-atuuZkxzmPoSVPOJw@mail.gmail.com>
	<CAPg+sBj3QRGYUzJn96ZS4bf1ZEH9KTwF+OxPXE-O_YJA66grBg@mail.gmail.com>
	<CAEM=y+X5uT+UbB1f6+ynsWW4ZsxEE4X0-PbHqWXEWz_mUj8Y2w@mail.gmail.com>
From: Jonas Schnelli <dev@jonasschnelli.ch>
Message-ID: <57741769.7040300@jonasschnelli.ch>
Date: Wed, 29 Jun 2016 20:46:01 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0)
	Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <CAEM=y+X5uT+UbB1f6+ynsWW4ZsxEE4X0-PbHqWXEWz_mUj8Y2w@mail.gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature";
	boundary="1LkggroRLCofs5vQIQAxPbKuLDTC2I7oN"
Subject: Re: [bitcoin-dev] BIP 151 use of HMAC_SHA512
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jun 2016 18:46:05 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--1LkggroRLCofs5vQIQAxPbKuLDTC2I7oN
Content-Type: multipart/mixed; boundary="p2QXdXXObO54P4c7gpLUBEELqj6VXK7AE"
From: Jonas Schnelli <dev@jonasschnelli.ch>
To: bitcoin-dev@lists.linuxfoundation.org, eth3rs@gmail.com
Message-ID: <57741769.7040300@jonasschnelli.ch>
Subject: Re: [bitcoin-dev] BIP 151 use of HMAC_SHA512
References: <87h9cecad5.fsf@rustcorp.com.au>
 <577224E8.6070307@jonasschnelli.ch> <8760ssdd1u.fsf@rustcorp.com.au>
 <CAEM=y+XKQZVz6UieB-nDy_C9xTmXiBB3-atuuZkxzmPoSVPOJw@mail.gmail.com>
 <CAPg+sBj3QRGYUzJn96ZS4bf1ZEH9KTwF+OxPXE-O_YJA66grBg@mail.gmail.com>
 <CAEM=y+X5uT+UbB1f6+ynsWW4ZsxEE4X0-PbHqWXEWz_mUj8Y2w@mail.gmail.com>
In-Reply-To: <CAEM=y+X5uT+UbB1f6+ynsWW4ZsxEE4X0-PbHqWXEWz_mUj8Y2w@mail.gmail.com>

--p2QXdXXObO54P4c7gpLUBEELqj6VXK7AE
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

Hi Ethan


>> It is important to include the cipher-type into the symmetric cipher key to avoid weak-cipher-attacks.
>
> the cipher-type here refers to the ECDH negotiation parameters?

No. Not to the ECDH negotiation.
BIP151 specifies a flexible symmetric key cipher type negotiation,
although BIP151 only specifies chacha20-poly1305@openssh.com.

Let's assume someone adds another symmetric cipher type after BIP151 has
been deployed which has less strong security properties than
chacha20-poly1305.

If we don't include the ciphersuite-type in the key derivation HMAC, an
attacker/MITM could in theory force both nodes to use the weaker
symmetric cipher type.

</jonas>


--p2QXdXXObO54P4c7gpLUBEELqj6VXK7AE--

--1LkggroRLCofs5vQIQAxPbKuLDTC2I7oN
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXdBdpAAoJECnUvLZBb1PsTHUP/0wmVZcJQbDeVrMvR95ycznU
m0m0uweWGCLaIf0g6JHzkoSPwp244DoqpJCvmzVDTcsveu07X1sGKeYkLfPP8YPx
3KmvOFPGTKnxNIvKBmsv/7BORs6XmBQAWAVzyVf5eVzebSn2VkVw2oSv69xWV+IX
R24bH9km8D3q8QPeM+jBvKuAqYEoGK9bgE6XuaVg17vJgZ5j/1V9GY8Lx8u3ODKI
FUT7Ti1dTcEik7ik/gXD4UmBogbkAqUi/iBbY/YZA22cdSbQQ5pFvaJ3ulQ+307n
HZ1Kz03+k9yA7Obq2LORR0zMZ0m+BggeLXAvvFZLkq1VwRtCHhYi1eRKOJD+Geni
hYGjtbtlj96HBmQ7PC/zMpwevTInxOm6xrJ/PZthFIhrmhRBueCIrrtQ4yhsZ9dZ
wDrfS+RZ3wcMxD1AF4cewHs4PEkMlQaydneQxqjdUy8Kl7QRQQCwMqJum2lJ3HQ9
8Y4z+jhX6clp5wZy/xg/yynUnO6x4bydKhTf0Xr/k3ZU831zxbPk/l1KzKfga1bD
lX2lDf3/Le8z0BS5tcgGPXubA4seVhpH+2xMRtEs+9rd1/ey+o3gyxjThpl4kgDo
aNd3or+yFpdZQ26PG4+wr+ljg7VDWM6tp8rX7eC8yIHQns6DQS7zO5LRe/+jrasr
Adh32clYB61L+0NLvzqj
=1dln
-----END PGP SIGNATURE-----

--1LkggroRLCofs5vQIQAxPbKuLDTC2I7oN--
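The downgrade scenario Jonas describes, as an added illustration that is not part of the thread and not BIP151's exact key schedule: the initiator announces a cipher-type, a man-in-the-middle rewrites that unauthenticated field before it reaches the responder, and each side derives its symmetric key with HMAC_SHA512 over the ECDH secret. When the cipher-type is the HMAC message, the two peers end up with different keys and the first authenticated message fails to verify, so the downgrade is caught; when it is left out, both derive the same key and the responder silently runs the weaker suite. The shared secret, the "weaker cipher" name and the first-message payload are constructed values; the HMAC layout (cipher-type alone as the message) is a simplification, not the BIP151 wire format.

```python
import hashlib
import hmac

# Constructed stand-in for the ECDH shared secret both peers compute.
# Real peers would derive it from the key exchange; fixed here so the run is deterministic.
SHARED_SECRET = bytes.fromhex("6a" * 32)

STRONG = b"chacha20-poly1305@openssh.com"   # the only suite BIP151 defines
WEAK = b"hypothetical-weaker-cipher"        # constructed name for a later, weaker addition


def derive_key(shared_secret: bytes, cipher_type: bytes, bind_cipher: bool) -> bytes:
    """HMAC_SHA512 key derivation (simplified, not BIP151's exact layout).

    With bind_cipher=True the negotiated cipher-type is the HMAC message, so a
    peer that was shown a different suite derives a different key.  With
    bind_cipher=False the key depends on the ECDH secret alone.
    """
    msg = cipher_type if bind_cipher else b""
    return hmac.new(shared_secret, msg, hashlib.sha512).digest()


def auth_tag(key: bytes, data: bytes) -> bytes:
    """Stand-in for the AEAD authentication tag over the first encrypted message."""
    return hmac.new(key, data, hashlib.sha256).digest()


def run_handshake(mitm_rewrites: bool, bind_cipher: bool) -> dict:
    """Simulate one handshake.

    The initiator announces STRONG.  If mitm_rewrites is set, the field is
    changed to WEAK in transit, so the responder believes WEAK was chosen.
    Returns what each side believes the suite is, whether the derived keys
    agree, and whether the first authenticated message verifies.
    """
    announced = STRONG
    received = WEAK if mitm_rewrites else announced

    k_initiator = derive_key(SHARED_SECRET, announced, bind_cipher)
    k_responder = derive_key(SHARED_SECRET, received, bind_cipher)

    first_msg = b"version payload"  # constructed
    verifies = hmac.compare_digest(auth_tag(k_initiator, first_msg),
                                   auth_tag(k_responder, first_msg))
    return {
        "initiator_suite": announced,
        "responder_suite": received,
        "keys_match": k_initiator == k_responder,
        "first_message_verifies": verifies,
    }


if __name__ == "__main__":
    for mitm, bind in [(False, True), (True, False), (True, True)]:
        r = run_handshake(mitm_rewrites=mitm, bind_cipher=bind)
        print(f"mitm={mitm!s:5} bind_cipher={bind!s:5} -> "
              f"responder uses {r['responder_suite'].decode()}, "
              f"keys_match={r['keys_match']}, verifies={r['first_message_verifies']}")
```

The middle case is the one the email warns about: with the cipher-type outside the derivation, the tampered handshake completes, both keys match, and the responder is using the weaker suite without either side noticing. Binding the cipher-type turns that into an immediate authentication failure on the first message.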