From f388fef2f621c648f0e06aa5bdf06db3efd27b04 Mon Sep 17 00:00:00 2001 From: Christopher Jeffrey Date: Tue, 26 Jul 2016 23:26:46 -0700 Subject: BIP151: Clarifications on AAD and sequence numbers. --- bip-0151.mediawiki | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'bip-0151.mediawiki') diff --git a/bip-0151.mediawiki b/bip-0151.mediawiki index cc79712..f565a4e 100644 --- a/bip-0151.mediawiki +++ b/bip-0151.mediawiki @@ -123,12 +123,14 @@ After a successful encinit/encack interaction from bot Encrypted messages do not have the 4byte network magic. +The ciphertext payload length must be included in the AEAD MAC as AAD. + The maximum message length needs to be chosen carefully. The 4 byte length field can lead to a required message buffer of 4 GiB. Processing the message before the authentication succeeds must not be done. The 4byte sha256 checksum is no longer required because the AEAD. -Both peers need to track the message number (int64) of sent messages to the remote peer for building a symmetric cipher IV. Padding might be required (96bit IVs). +Both peers need to track the message sequence number (uint32) of sent messages to the remote peer for building a 64 bit symmetric cipher IV. Sequence numbers are allowed to overflow to zero after 4294967295 (2^32-1). The encrypted payload will result decrypted in one or many unencrypted messages: @@ -156,7 +158,7 @@ The Re-Keying must be done after every 1GB of data sent or received (recommended === Risks === -The encryption does not include an identity authentication scheme. This BIP does not cover a proposal to avoid MITM attacks during the encryption initialization. +The encryption does not include an identity authentication scheme. This BIP does not cover a proposal to avoid MITM attacks during the encryption initialization. Identity authentication will be covered in another BIP and will presume communication encryption after this BIP. -- cgit v1.2.3