diff --git a/ntunnel.py b/ntunnel.py
index 29df1fe..aff73ef 100644
--- a/ntunnel.py
+++ b/ntunnel.py
@@ -155,6 +155,11 @@ async def NoiseForwarder(mode, rdrwrr, ptpair, priv_key, pub_key=None):
 		raise RuntimeError('failed to finish handshake')
 
 	# generate the keys for lengths
+	# XXX - get_handshake_hash is probably not the best option, but
+	# this is only to obscure lengths, it is not required to be secure
+	# as the underlying NoiseProtocol securely validates everything.
+	# It is marginally useful as writing patterns likely expose the
+	# true length.  Adding padding could marginally help w/ this.
 	if mode == 'resp':
 		_, declenfun = _genciphfun(proto.get_handshake_hash(), b'toresp')
 		enclenfun, _ = _genciphfun(proto.get_handshake_hash(), b'toinit')