Age | Commit message | Author | |
---|---|---|---|
2018-06-03 | PQ status update | Nick Mathewson | |
2016-10-14 | prop269: Moved instantiations to appendix | John M. Schanck | |
2016-10-14 | prop269: Append PROTOID to TRANSCRIPT | John M. Schanck | |
2016-10-14 | prop269: Removed hash of initial XTR salt | John M. Schanck | |
2016-09-02 | prop269: Alternative KDF | John M. Schanck | |
This variant makes two theoretically interesting changes: 1) It only uses client-provided inputs for the extractor salt, 2) It includes an additional HMAC step for deriving AUTH. The first change prevents someone who is attempting to impersonate the server from biasing the randomness extractor. We don't expect such a biasing attack to be possible, but there's no harm in eliminating the possibility. The second change eliminates the 2^lambda session collision attack mentioned in previous versions. | |||
2016-07-22 | Add the common hybrid handshake proposal and assign it a number. | Isis Lovecruft | |