STRANDLOCK_PROTOCOL.md: 3 additions & 3 deletions
@@ -426,9 +426,9 @@ If `OTP batch` request is intercepted, `OTP` messages inherits the combined secu
426
426
427
427
Additionally, using `OTPs` here provides an odd protection to `xChaCha20Poly1305`, by making "`known plaintext oracles`" attacks impossible, significantly bolstering `xChaCha20Poly1305` security.
428
428
429
-
Additionally, using `OTPs` makes nonce reuses non-fatal, as we already encrypt nonces, the only possible way for an adversary on wire to know a nonce reuse occured, is if user types same message, with same key, with same nonce.
429
+
Additionally, using `OTPs` makes nonce reuses non-fatal, as we already encrypt nonces and change the key every time in a ratchet, the only possible way for an adversary on wire to know a nonce reuse occured, is if user types same message, with same key, with same nonce.
430
430
431
-
Even if a ranodmly generated nonce was repeated, and the user does such unlikely thing, the fact plaintext is OTP encrypted, means the adversary would still see different ciphertexts. Making it impossible for them to know if a nonce reuse occured.
431
+
Even if a ranodmly generated nonce was repeated, and the user does such unlikely thing, and implementation has mistakes of reusing same key + nonce, the fact plaintext is OTP encrypted, means the adversary would still see different ciphertexts. Making it impossible for them to know if a nonce reuse occured.
432
432
Obviously, this does not mean a nonce reuse wouldn't occur, it just means an adversary wouldn't be able to exploit the fact because to him, is invisible random blobs.
433
433
434
434
However, implementations **MUST** still use cryptographically secure `CSPRNG` for nonce generation nonetheless. This protection property only protects against the off chance a `CSPRNG` generated nonce gets duplicated.
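Review bot: The two added sentences in this hunk are in tension. The first `+` line says the key changes "every time in a ratchet", which means the "same key, with same nonce" case it goes on to describe cannot arise unless the ratchet itself fails; the second `+` line then adds "implementation has mistakes of reusing same key + nonce" as the scenario. State plainly which failure is being argued about: a repeated CSPRNG nonce under a correctly advancing ratchet (where the key differs and reuse is harmless by construction), or a ratchet/implementation fault that repeats both key and nonce. For the latter, "non-fatal" rests on an unstated assumption that the OTP pad applied to the two plaintexts is independent per message; with the same XChaCha20Poly1305 key and nonce the keystream and the Poly1305 one-time key repeat, so the OTP layer is the only thing standing between the adversary and the XOR of the two inner plaintexts. Spell that dependency out, and keep the MUST on CSPRNG nonces as the primary control rather than this fallback. Spelling in the added lines: "ranodmly" and "occured" (twice) should read "randomly" and "occurred".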
@@ -445,7 +445,7 @@ This section defines what Strandlock defends and what it explicitly does not. Re
445
445
- May attempt to decrypt recorded messages later if primitives are broken.
446
446
447
447
##### Active network adversary:
448
-
-Can intercept, modify, inject, replay, and delay messages in real time.
448
+
-Can intercept, modify, inject, replay, and delay messages in real time.
449
449
- Can attempt man-in-the-middle (MITM) during initial `SMP` initiation.
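Review bot: The replaced and added lines in this hunk are visually identical ("-Can intercept, modify, inject, replay, and delay messages in real time."), so this is presumably a whitespace-only change, yet the `+` line still has no space after the leading dash. Unlike the neighbouring items "- May attempt to decrypt recorded messages later..." and "- Can attempt man-in-the-middle (MITM)...", it will not render as a list item under "##### Active network adversary:". Suggest "- Can intercept, modify, inject, replay, and delay messages in real time." so the bullet matches the rest of the threat model list.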