public inbox for govpn-devel@lists.cypherpunks.ru
From: Sergey Matveev <stargrave@stargrave•org>
To: govpn-devel@lists.cypherpunks.ru
Subject: [govpn-devel] Elligator2 implementation problem
Date: Wed, 26 Feb 2020 13:45:40 +0300
Message-ID: <20200226104540.GA51135@stargrave.org>


Greetings!

GoVPN relies on the Elligator2 transformation for zero-knowledge password
authentication, and it uses the github.com/agl/ed25519 library for that.
It seems that it contains some possible bias in the output, as
https://github.com/tankf33der pointed me at:
https://github.com/agl/ed25519/issues/27
It does not compromise the confidentiality and authenticity of connections,
but it makes the handshake password not so zero-knowledge.

Currently I have not found easy replacements for the Elligator2
implementation. However, that flaw should not be a practical
problem in real life.

-- 
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263  6422 AE1A 8109 E498 57EF
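The message above reports a possible bias in the bytes an Elligator2 implementation produces. A maintainer who wants to check such a report on their own build can run a simple uniformity test over many representatives: an ideal Elligator2 output is indistinguishable from uniformly random bytes, so any bit position whose frequency of ones departs significantly from one half is evidence of bias. The following is an added example written for this archive, not code from GoVPN, agl/ed25519 or the issue linked above. It does not call the library; instead it feeds the check two constructed sources: genuinely random 32-byte strings, and a hypothetical encoder that never sets bit 255 (the top bit of the little-endian field element). That hypothetical bias is an illustration only and is not a claim about what issue #27 describes.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
)

// sampleSize is the length in bytes of one Elligator2 representative
// (a Curve25519 field element, little-endian).
const sampleSize = 32

// UniformSamples returns n random 32-byte strings, the distribution an
// ideal Elligator2 representative should be indistinguishable from.
func UniformSamples(n int) [][]byte {
	out := make([][]byte, n)
	for i := range out {
		out[i] = make([]byte, sampleSize)
		if _, err := rand.Read(out[i]); err != nil {
			panic(err)
		}
	}
	return out
}

// TopBitClearedSamples models a hypothetical encoder whose output is always
// a canonical field element below 2^255, so bit 255 (top bit of byte 31)
// is never set. This is a constructed illustration of a biased source, not
// the behaviour reported for agl/ed25519.
func TopBitClearedSamples(n int) [][]byte {
	out := UniformSamples(n)
	for _, s := range out {
		s[sampleSize-1] &= 0x7f
	}
	return out
}

// BitFrequencies returns, for each of the 8*sampleSize bit positions, the
// fraction of samples in which that bit is set (little-endian bit index,
// so bit 255 is the top bit of the last byte).
func BitFrequencies(samples [][]byte) []float64 {
	freq := make([]float64, 8*sampleSize)
	for _, s := range samples {
		for i := 0; i < sampleSize; i++ {
			for b := 0; b < 8; b++ {
				if (s[i]>>uint(b))&1 == 1 {
					freq[8*i+b]++
				}
			}
		}
	}
	for i := range freq {
		freq[i] /= float64(len(samples))
	}
	return freq
}

// BiasedBits lists the bit positions whose frequency of ones deviates from
// 0.5 by more than z standard deviations of the binomial estimate
// (sigma = 0.5/sqrt(n)). With z=6 a genuinely uniform source is flagged
// only with negligible probability.
func BiasedBits(freq []float64, n int, z float64) []int {
	sigma := 0.5 / math.Sqrt(float64(n))
	var biased []int
	for i, f := range freq {
		if math.Abs(f-0.5) > z*sigma {
			biased = append(biased, i)
		}
	}
	return biased
}

func main() {
	const n = 4096
	fmt.Println("uniform source, biased bits:",
		BiasedBits(BitFrequencies(UniformSamples(n)), n, 6))
	fmt.Println("top-bit-cleared source, biased bits:",
		BiasedBits(BitFrequencies(TopBitClearedSamples(n)), n, 6))
}
```

To test a real implementation, replace the constructed sources with representatives produced by the library under test (for example, the output of its Elligator2 encoding of fresh random keys) and keep the rest unchanged; a per-bit test like this catches fixed-bit and top-bit biases, while subtler structural biases need a stronger test such as comparing the full 255-bit values against the field modulus.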
