mafintosh
commented
2 years ago The header and the hash of the handshake hash are sent unecrypted yea (we use the latter to identify the connection).
Neither needs encryption. From the sodium docs
“The header content doesn't have to be secret and decryption with a different header would fail”
moea
Thanks for the library. I'm implementing something similar to the Noise handshake -> secretstream pattern in a Clojure library, and I'm not quite following the logic in
index.js— does the message containing the handshake hash & secret stream header get sent in plaintext (which is what it looks like), or are you encrypting it via Noise? Could you give me the thinking behind the design decision?