
Re: [tor-dev] obfs4 questions



On Fri, 28 Nov 2014 15:37:06 +0000
Yawning Angel <yawning@xxxxxxxxxxxxxxx> wrote:

> The Poly1305 authenticator is calculated based on the payload and the
> nonce.  In the case of the NaCl secretbox construct, 32 bytes of
> zeroes encrypted based on a one-time key/counter derived from the
> actual key and the nonce. If the frames are reordered, the derived
> authenticator would be different.

Ugh, I did a terrible job of explaining that, sorry to reply to myself.

A one-time Poly1305 key is calculated for each box, based on 32 bytes
of zeroes encrypted with a one-time Salsa20 key/counter derived from the
nonce and the box key.  You can view the use of Salsa20 there as an
arbitrary keyed hash function (in the case of the original paper, AES
was used).

Hope that clarifies things somewhat,

-- 
Yawning Angel


_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
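
The derivation described in the message above, as an added example that is not part of the original post and is not obfs4 or NaCl code: a pure-Python sketch of the secretbox construction (XSalsa20 keystream, first 32 bytes used as the one-time Poly1305 key) showing that a frame opened under the wrong nonce fails authentication. The function names, `KEY`, `PREFIX` and the nonce layout (16-byte prefix followed by a 64-bit frame counter) are assumptions constructed for illustration.

```python
import hmac, struct
SIGMA = struct.unpack("<4I", b"expand 32-byte k")
M32, P1305 = 0xFFFFFFFF, (1 << 130) - 5

def _rounds(x):
    x = list(x)  # 20 Salsa20 rounds = 10 x (column round, row round)
    def qr(a, b, c, d):
        for dst, p, q, n in ((b, a, d, 7), (c, b, a, 9), (d, c, b, 13), (a, d, c, 18)):
            v = (x[p] + x[q]) & M32
            x[dst] ^= ((v << n) & M32) | (v >> (32 - n))
    for _ in range(10):
        qr(0, 4, 8, 12); qr(5, 9, 13, 1); qr(10, 14, 2, 6); qr(15, 3, 7, 11)
        qr(0, 1, 2, 3); qr(5, 6, 7, 4); qr(10, 11, 8, 9); qr(15, 12, 13, 14)
    return x

def _state(key, n16):
    k, n = struct.unpack("<8I", key), struct.unpack("<4I", n16)
    return [SIGMA[0], *k[:4], SIGMA[1], *n, SIGMA[2], *k[4:], SIGMA[3]]

def xsalsa20_stream(key, nonce24, length):
    z = _rounds(_state(key, nonce24[:16]))  # HSalsa20: per-nonce Salsa20 key
    sub = struct.pack("<8I", *(z[i] for i in (0, 5, 10, 15, 6, 7, 8, 9)))
    out = b""
    for ctr in range((length + 63) // 64):
        s = _state(sub, nonce24[16:] + struct.pack("<Q", ctr))
        out += struct.pack("<16I", *((a + b) & M32 for a, b in zip(_rounds(s), s)))
    return out[:length]

def poly1305(msg, key32):
    r = int.from_bytes(key32[:16], "little") & 0x0ffffffc0ffffffc0ffffffc0fffffff
    acc = 0
    for i in range(0, len(msg), 16):
        acc = (acc + int.from_bytes(msg[i:i + 16] + b"\x01", "little")) * r % P1305
    return ((acc + int.from_bytes(key32[16:], "little")) % (1 << 128)).to_bytes(16, "little")

def seal(box_key, nonce24, msg):
    stream = xsalsa20_stream(box_key, nonce24, 32 + len(msg))
    ct = bytes(a ^ b for a, b in zip(msg, stream[32:]))
    return poly1305(ct, stream[:32]) + ct  # stream[:32] is the one-time Poly1305 key

def open_box(box_key, nonce24, box):
    stream = xsalsa20_stream(box_key, nonce24, 16 + len(box))
    # A different nonce yields a different one-time key, so the tag will not verify
    ok = hmac.compare_digest(box[:16], poly1305(box[16:], stream[:32]))
    return bytes(a ^ b for a, b in zip(box[16:], stream[32:])) if ok else None

# Constructed sample: nonce = 16-byte prefix || 64-bit frame counter (assumed layout)
KEY, PREFIX = bytes(range(32)), b"constructed-pfx!"
def nonce(i): return PREFIX + i.to_bytes(8, "big")
FRAMES = [seal(KEY, nonce(i), m) for i, m in ((1, b"frame one"), (2, b"frame two"))]
```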