[zeromq-dev] CurveZMQ comments

Trevor Perrin trevp at trevp.net
Thu Sep 26 00:44:37 CEST 2013


On Wed, Sep 25, 2013 at 3:17 PM, Lucas Hope <lucas.r.hope at gmail.com> wrote:
> On Thu, Sep 26, 2013 at 6:03 AM, Trevor Perrin <trevp at trevp.net> wrote:
>>
>> That's an oddity of CurveCP.  I don't see any reason for the HELLO to
>> encrypt zero padding (perhaps its some anti-DoS measure?).
>
>
> My understanding (*just my personal understanding*) of this is that the
> all-zero crypto box is a verification that the client is in fact
> implementing the protocol correctly.

DJB's Hello already has an 8-byte magic number [1].

As best as I can tell it's a "reserved field" so that future encrypted
extensions could be added in the first message.

Debatable whether that's worth the requirement for client
pre-knowledge of the server key that it imposes.


Trevor

[1] http://curvecp.org/packets.html



More information about the zeromq-dev mailing list