I'm in the process of implementing a non-gaming related library for AEAD-secured DTO transfer between micro-services. I took a look at the netcode.io 1.02 standard.md and I can see the sense in virtually all of it, but there is one aspect I don't yet understand.
The connect token establishes 2 keys:
[client to server key] (32 bytes)
[server to client key] (32 bytes)
This has the effect of making the data transfer unidirectional for a given key.
What benefit does this have?
In my current understanding, if the client and server shared the same key [per unique server-client pair] (which has been established out-of-band over a secure side channel) to allow bidirectional comms with the same key, this wouldn't degrade the security but I suspect there is something I don't yet understand.
Thank you!
Got it.
You're using ChaCha20, which uses a sequence nonce, not a random nonce like XChaCha20, which is what I've been looking at.
So you need to prevent nonce reuse in either direction.
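The nonce-reuse point from this thread, as an added example that is not code from netcode.io or from the posts above: two endpoints each number their packets from 0 and use that sequence number as the nonce. It assumes both counters start at 0, uses an HMAC-SHA256 counter-mode keystream as a stand-in for ChaCha20, and omits the Poly1305 tag, because only keystream uniqueness per (key, nonce) matters here; all function names, keys and messages are constructed for illustration.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher (HMAC-SHA256 in counter mode), not real ChaCha20."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "little"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def seal(key: bytes, sequence: int, plaintext: bytes) -> bytes:
    """Encrypt with the packet sequence number as the 96-bit nonce."""
    nonce = sequence.to_bytes(12, "little")
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def reused_pairs(used):
    """Return every (key, sequence) pair that was used for more than one packet."""
    seen, dup = set(), set()
    for pair in used:
        (dup if pair in seen else seen).add(pair)
    return dup


def first_packets(client_to_server_key: bytes, server_to_client_key: bytes):
    """Each side sends its packet number 0; report what that does to the keystream."""
    client_msg = b"client: position update"   # constructed sample payloads
    server_msg = b"server: snapshot ack"
    c0 = seal(client_to_server_key, 0, client_msg)
    s0 = seal(server_to_client_key, 0, server_msg)
    # If both packets share one keystream, it cancels out of c0 XOR s0.
    keystream_cancels = xor(c0, s0) == xor(client_msg, server_msg)
    dups = reused_pairs([(client_to_server_key, 0), (server_to_client_key, 0)])
    return keystream_cancels, len(dups)


SHARED_KEY = bytes([0x11]) * 32          # constructed keys, not real secrets
C2S_KEY, S2C_KEY = bytes([0x22]) * 32, bytes([0x33]) * 32

if __name__ == "__main__":
    print("one shared key:     ", first_packets(SHARED_KEY, SHARED_KEY))
    print("per-direction keys: ", first_packets(C2S_KEY, S2C_KEY))
```

With one shared key the two directions would have to coordinate disjoint nonce ranges; with a key per direction each sender's own counter is enough to keep every (key, nonce) pair unique.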