> "how would I as a Python application programmer actually use Noise", I don't see the applicability.

Depending on who that list is for I could agree with you. This recommendation comes from the fact that I'm seeing a LOT of companies who want to have their own secure protocol on top of whatever protocol and end up re-inventing the wheel to avoid the bloat of TLS. Noise is good advice for these custom-made protocols. I wouldn't replace TLS in the advice, but add a note: "if you really do not want TLS, there is Noise, but that's it!"

> Similarly: I like Blake2 more than I like SHA-2, but SHA-2 is universally available and strong

Agree, but if we want to move to nicer/stronger algorithms we must start recommending them at some point. I want to see a push for Argon2/Blake2/SHA-3 in general.

> part of the point of recommending SHA-2 was to recommend against Keccak

Ah well, Keccak is so interesting (not only for hashing) that I would be sad if it ends up not being used in the next decades to come. If you're feeling this way because of the efficiency: that's why I recommended KangarooTwelve. If you're feeling this way because of the crappy spec: alright, you win.

> I don't think I actually made a key derivation or fingerprint recommendation. I like HKDF!

What are you waiting for! :)

The more important bit here is that I was updating Colin Percival's recommendations, which didn't include a KDF or an AKE. :)