diff options
| author | Damien Miller <djm@mindrot.org> | 2013-12-05 00:22:57 +0100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2013-12-05 00:22:57 +0100 |
| commit | 114e540b15d57618f9ebf624264298f80bbd8c77 (patch) | |
| tree | 413e91a3ab8ba326342c0e630e53a2623d2e0a23 /PROTOCOL.chacha20poly1305 | |
| parent | - djm@cvs.openbsd.org 2013/12/01 23:19:05 (diff) | |
| download | openssh-114e540b15d57618f9ebf624264298f80bbd8c77.tar.xz openssh-114e540b15d57618f9ebf624264298f80bbd8c77.zip | |
- djm@cvs.openbsd.org 2013/12/02 02:50:27
[PROTOCOL.chacha20poly1305]
typo; from Jon Cave
Diffstat (limited to 'PROTOCOL.chacha20poly1305')
| -rw-r--r-- | PROTOCOL.chacha20poly1305 | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/PROTOCOL.chacha20poly1305 b/PROTOCOL.chacha20poly1305 index c4b723aff..9cf73a926 100644 --- a/PROTOCOL.chacha20poly1305 +++ b/PROTOCOL.chacha20poly1305 @@ -47,7 +47,7 @@ cipher by decrypting and using the packet length prior to checking the MAC. By using an independently-keyed cipher instance to encrypt the length, an active attacker seeking to exploit the packet input handling as a decryption oracle can learn nothing about the payload contents or -its MAC (assuming key derivation, ChaCha20 and Poly1306 are secure). +its MAC (assuming key derivation, ChaCha20 and Poly1305 are secure). The AEAD is constructed as follows: for each packet, generate a Poly1305 key by taking the first 256 bits of ChaCha20 stream output generated @@ -101,5 +101,5 @@ References [3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 -$OpenBSD: PROTOCOL.chacha20poly1305,v 1.1 2013/11/21 00:45:43 djm Exp $ +$OpenBSD: PROTOCOL.chacha20poly1305,v 1.2 2013/12/02 02:50:27 djm Exp $ |