RPRX
@zonyitoo 是的,需要生成多个初始密钥,如果同端口则需要进行解密尝试,但由于只判断第一个包,所以代价很低
@zonyitoo 我觉得按照规范,独立密钥足以同时作为认证机制了?
After further thought, update: It is not necessary to sync time on both sides in most scenarios, which is not an actual limitation. The server just needs to generate different...
@Mygod 说出你的想法
It's built on top of the protocol, without introduction of additional long-term channels or bring in potential identifiable features. cc @fortuna
@QuantumGhost 又来一个
@Mygod I would like to ask your explanation on the downvote. I expect a technical discussion rather than some cold violence.
@Mygod I would like to **REQUEST** your explanation on the downvote. I expect a technical discussion rather than some cold violence.
@QuantumGhost 1. 我很难赞同你的观点,或许你看看这里 https://github.com/shadowsocks/shadowsocks-windows/issues/3059 2. 就我个人而言,缺乏前向安全的东西是不敢用的,不希望通信内容哪天被拉清单 3. Shadowsocks 同端口未知流量就是很明显的特征,不如先把这个改掉? 4. 注意我公开的想法都不是实验性的,而是一定会实现的,只是看 SS 组织有无意愿一起标准化 5. 所以如果无意愿,我更乐意直接实现一个 Secure Shadowsocks,并向人们普及一下什么叫前向安全 6. 可能你并不知道过几天会有一篇文章出来,而文中的机制可以解决问题 话说回来,若只是为了翻墙,如果你不介意买个域名,XTLS 可能是现阶段更好的选择。
@fortuna There is an obvious misunderstanding, I'll explain this mechanism in detail: 1. `key = hash(key)` means that **key itself will be updated, and the old key will no longer...