From f002ce41d1623691955741d7dce84e7e17f46e65 Mon Sep 17 00:00:00 2001
From: John-Mark Gurney
Date: Fri, 25 Oct 2019 11:30:57 -0700
Subject: [PATCH] add comment about how to improve this...
---
 ntunnel.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/ntunnel.py b/ntunnel.py
index 29df1fe..aff73ef 100644
--- a/ntunnel.py
+++ b/ntunnel.py
@@ -155,6 +155,11 @@ async def NoiseForwarder(mode, rdrwrr, ptpair, priv_key, pub_key=None):
 raise RuntimeError('failed to finish handshake')
 # generate the keys for lengths
+ # XXX - get_handshake_hash is probably not the best option, but
+ # this is only to obscure lengths, it is not required to be secure
+ # as the underlying NoiseProtocol securely validates everything.
+ # It is marginally useful as writing patterns likely expose the
+ # true length. Adding padding could marginally help w/ this.
 if mode == 'resp':
 _, declenfun = _genciphfun(proto.get_handshake_hash(), b'toresp')
 enclenfun, _ = _genciphfun(proto.get_handshake_hash(), b'toinit')
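Review bot: The added XXX comment above `if mode == 'resp':` says the length keys are "not required to be secure" but omits the reason a maintainer most needs. As far as I understand Noise, the handshake hash is a transcript and channel-binding value rather than a secret, so an observer of the handshake can likely recompute it and whatever `_genciphfun` derives from it. I would say so outright, e.g. `# NOTE: the handshake hash is not secret; treat the length field as plaintext-equivalent, never as confidential.` The claim that NoiseProtocol "securely validates everything" covers payload integrity, but it only protects this path if an undecodable or oversized length fails closed before any read or buffer is sized from it; that handling is outside this hunk and worth confirming. NoiseForwarder starts before and continues after the hunk.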