|
Instead of using the nonce for the secret box, just use SipHash-2-4 in
OFB mode instead. The IV is generated as part of the KDF. This
simplifies the code a decent amount and also is better on the off
chance that SipHash-2-4 does not avalanche as well as it is currently
assumed.
While here, also decouple the fact that *this implementation* of obfs4
uses a PRNG with 24 bytes of internal state for protocol polymorphism
instead of 32 bytes (that the spec requires).
THIS CHANGE BREAKS WIRE PROTCOL COMPATIBILITY.
|
