[bitcoin-dev] BIP 151 use of HMAC_SHA512
Jonas Schnelli
dev at jonasschnelli.ch
Wed Jun 29 18:46:01 UTC 2016
Hi Ethan
>> It is important to include the cipher-type into the symmetric cipher key to avoid weak-cipher-attacks.
>
> the cipher-type here refers to the ECDH negotiation parameters?
No. Not to the ECDH negotiation.
BIP151 specifies a flexible symmetric key cipher type negotiation,
although, BIP151 only specifies chacha20-poly1305 at openssh.com.
Lets assume someone adds another symmetric cipher type after BIP151 has
been deployed which has less strong security properties then
chacha20-poly1305.
If we don't include the ciphersuite-type in the key derivation HMAC, an
attacker/MITM could in theory force both nodes to use the weaker
symmetric cipher type.
</jonas>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20160629/47d92fd6/attachment.sig>
More information about the bitcoin-dev
mailing list