Re: [tor-dev] obfs4 questions

2014-11-29 Thread Michael Rogers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 29/11/14 00:35, Yawning Angel wrote: > On Fri, 28 Nov 2014 17:57:26 + Michael Rogers > wrote: > >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 >> >> On 28/11/14 15:50, Yawning Angel wrote: >>> A one time poly1305 key is calculated for e

Re: [tor-dev] obfs4 questions

2014-11-28 Thread Yawning Angel
On Fri, 28 Nov 2014 17:57:26 + Michael Rogers wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On 28/11/14 15:50, Yawning Angel wrote: > > A one time poly1305 key is calculated for each box, based on 32 > > bytes of zeroes encrypted with a one time Salsa20 key/counter > > deriv

Re: [tor-dev] obfs4 questions

2014-11-28 Thread Michael Rogers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 28/11/14 15:50, Yawning Angel wrote: > A one time poly1305 key is calculated for each box, based on 32 > bytes of zeroes encrypted with a one time Salsa20 key/counter > derived from the nonce and the box key. You can view the use of > Salsa20 the

Re: [tor-dev] obfs4 questions

2014-11-28 Thread Yawning Angel
On Fri, 28 Nov 2014 15:37:06 + Yawning Angel wrote: > The Poly1305 authenticator is calculated based on the payload and the > nonce. In the case of the NaCL secretbox construct, 32 bytes of > zeroes encrypted based on a one time key/counter derived from the > actual key and the nonce. If the

Re: [tor-dev] obfs4 questions

2014-11-28 Thread Yawning Angel
On Fri, 28 Nov 2014 14:47:29 + Michael Rogers wrote: > I believe so too, but is it stated anywhere that this is a guaranteed > property of crypto_secretbox? The Poly1305 authenticator is calculated based on the payload and the nonce. In the case of the NaCL secretbox construct, 32 bytes of

Re: [tor-dev] obfs4 questions

2014-11-28 Thread Michael Rogers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Thanks for the quick response! On 28/11/14 13:39, Yawning Angel wrote: >> In the obfs4 spec I couldn't find a description of how the >> secretbox nonces for the frames are constructed. A 16-byte nonce >> prefix comes from the KDF, but what about the

Re: [tor-dev] obfs4 questions

2014-11-28 Thread Yawning Angel
On Fri, 28 Nov 2014 13:08:04 + Michael Rogers wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Hi, > > In the obfs4 spec I couldn't find a description of how the secretbox > nonces for the frames are constructed. A 16-byte nonce prefix comes > from the KDF, but what about the

[tor-dev] obfs4 questions

2014-11-28 Thread Michael Rogers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, In the obfs4 spec I couldn't find a description of how the secretbox nonces for the frames are constructed. A 16-byte nonce prefix comes from the KDF, but what about the remaining 8 (presumably frame-specific) bytes? If an attacker changes the