Anyone who is a crypto engineer, can you explain why in under “Verifying Keys,” why the public Identity Key and user identifier are hashed 5200 times. That is, exactly 5200 times? It can’t be to resist computational speed improvements as SHA-512 is fast; I would have expected the use of a KDF.

Otherwise, wow! I don’t think even Signal uses the Noise Protocol (yet).

How can one crack a private key? Make a guess then perform a test decrypt.

Or in the case of curve25515, mask off some bits to derive the public key (errata: there’s more work involved than just a mask) and compare. Much faster. Iterating sha512 may be equal in time to a test decrypt?

It shouldn’t matter if an attacker can see the public key, (that’s kind of the point), but maybe they were concerned about leaving open a short cut?

That said, I don’t see that the public key isn’t available via other means, and I have no idea why. Just speculating why somebody might do something similar.

I Am Not A Crypto Engineer.

Anyone who is a crypto engineer, can you explain why in under “Verifying Keys,” why the public

Identity Keyand user identifier are hashed 5200 times. That is, exactly 5200 times? It can’t be to resist computational speed improvements as SHA-512 is fast; I would have expected the use of a KDF.Otherwise, wow! I don’t think even Signal uses the Noise Protocol (yet).

Speculating…

How can one crack a private key? Make a guess then perform a test decrypt.

Or in the case of curve25515, mask off some bits to derive the public key (errata: there’s more work involved than just a mask) and compare. Much faster. Iterating sha512 may be equal in time to a test decrypt?

It shouldn’t matter if an attacker can see the public key, (that’s kind of the point), but maybe they were concerned about leaving open a short cut?

That said, I don’t see that the public key isn’t available via other means, and I have no idea why. Just speculating why somebody might do something similar.

[Comment removed by author]

AIUI, repeated hashing doesn’t decrease collision resistance. So, the idea of a 5200x better chance of producing a fake public identity key isn’t true.