From: Jonas Schnelli
To: bitcoin-dev@lists.linuxfoundation.org, eth3rs@gmail.com
Date: Wed, 29 Jun 2016 20:46:01 +0200
Subject: Re: [bitcoin-dev] BIP 151 use of HMAC_SHA512
List-Id: Bitcoin Protocol Discussion
Message-ID: <57741769.7040300@jonasschnelli.ch>
References: <87h9cecad5.fsf@rustcorp.com.au> <577224E8.6070307@jonasschnelli.ch> <8760ssdd1u.fsf@rustcorp.com.au>

Hi Ethan

>> It is important to include the cipher-type into the symmetric cipher key to avoid weak-cipher-attacks.
>
> the cipher-type here refers to the ECDH negotiation parameters?

No. Not to the ECDH negotiation.
BIP151 specifies a flexible symmetric key cipher type negotiation, although BIP151 only specifies chacha20-poly1305@openssh.com.

Let's assume someone adds another symmetric cipher type after BIP151 has been deployed which has less strong security properties than chacha20-poly1305.
If we don't include the ciphersuite-type in the key derivation HMAC, an attacker/MITM could in theory force both nodes to use the weaker symmetric cipher type.
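The derivation the reply describes, as an added example that is not part of this thread or of the BIP151 text: each peer feeds the cipher-type it believes was negotiated into HMAC_SHA512 keyed with the ECDH shared secret, so a peer whose view of the negotiation was rewritten in transit ends up with different keys and the first authenticated message fails. The ECDH secret is a constructed constant, the K1/K2 split of the 64-byte output and the hypothetical weak cipher-type name are assumptions of the example, and an HMAC-SHA256 tag stands in for the real AEAD so the code needs only the Python standard library.

```python
"""Added example: cipher-type binding in an HMAC_SHA512 key derivation.

Not code from BIP151 or from the bitcoin-dev thread; the derivation layout,
the weak cipher name and the shared secret are assumptions of this example.
"""
from __future__ import annotations

import hashlib
import hmac
from typing import Dict, Tuple

STRONG = b"chacha20-poly1305@openssh.com"  # the one cipher-type BIP151 specifies
WEAK = b"hypothetical-weak-cipher"         # assumed later, weaker cipher-type

# Constructed stand-in for the ECDH shared secret. In the real protocol each
# peer computes it from its own secp256k1 key and the peer's public key; a
# fixed value keeps the example offline and deterministic.
SHARED_SECRET = hashlib.sha256(b"constructed ecdh secret for the example").digest()


def derive_keys_bound(shared_secret: bytes, cipher_type: bytes) -> Tuple[bytes, bytes]:
    """HMAC_SHA512(key=shared_secret, msg=cipher_type), split into K1 || K2.

    Binding the cipher-type into the HMAC message is the point of the reply;
    splitting the 64-byte output into two 32-byte keys is an assumption here.
    """
    out = hmac.new(shared_secret, cipher_type, hashlib.sha512).digest()
    return out[:32], out[32:]


def derive_keys_unbound(shared_secret: bytes) -> Tuple[bytes, bytes]:
    """The alternative the reply warns against: derivation that ignores the
    negotiated cipher-type, so every negotiation outcome yields the same keys."""
    out = hashlib.sha512(shared_secret).digest()
    return out[:32], out[32:]


def tag(key: bytes, msg: bytes) -> bytes:
    """Stand-in for the AEAD authentication tag (HMAC-SHA256, stdlib only)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def run_handshake(bound: bool, mitm_downgrade: bool) -> Dict[str, object]:
    """Simulate A announcing its cipher-type to B, optionally through a MITM
    that rewrites it to WEAK, then both sides deriving keys independently
    and B checking the tag on A's first authenticated message."""
    a_cipher = STRONG
    b_sees = WEAK if mitm_downgrade else a_cipher  # what actually reaches B

    if bound:
        a_k1, a_k2 = derive_keys_bound(SHARED_SECRET, a_cipher)
        b_k1, b_k2 = derive_keys_bound(SHARED_SECRET, b_sees)
    else:
        a_k1, a_k2 = derive_keys_unbound(SHARED_SECRET)
        b_k1, b_k2 = derive_keys_unbound(SHARED_SECRET)

    first_msg = b"version message (constructed payload)"
    accepted = hmac.compare_digest(tag(a_k1, first_msg), tag(b_k1, first_msg))
    return {
        "a_cipher": a_cipher.decode(),
        "b_cipher": b_sees.decode(),
        "keys_match": a_k1 == b_k1 and a_k2 == b_k2,
        "first_message_accepted": accepted,
    }


if __name__ == "__main__":
    for bound in (True, False):
        for downgrade in (False, True):
            r = run_handshake(bound, downgrade)
            print(f"bound={bound!s:5} mitm={downgrade!s:5} "
                  f"A={r['a_cipher']} B={r['b_cipher']} "
                  f"keys_match={r['keys_match']} accepted={r['first_message_accepted']}")
```

With the bound derivation, the tampered run yields mismatched K1/K2 and B rejects the first message, so the downgrade fails closed; with the unbound derivation the keys agree regardless of what each side was told, and nothing at the key level reveals that the two ends hold different views of the negotiation. One caveat worth keeping in mind when reviewing such a design: binding only helps where the two ends' inputs to the HMAC differ. If a MITM can present the same altered cipher-type string to both peers, both derive identical keys, and catching that requires the derived key (or a session id computed from it) to be authenticated by some later step rather than the derivation alone.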