Hacker News new | past | comments | ask | show | jobs | submit login

Just to clarify, the attack you want to protect against is that of an adversary being able to conclude the DH public key exchange with a bona fide weave peer, despite having no knowledge of the password. Correct?

But what can an adversary learn from doing so? All subsequent messages on the connection are encrypted with the secret key, which has the password mixed in.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: