Today we published a security fix for http://golang.org/x/crypto/salsa20. If you generated more than 256 GiB of output from a single key+nonce pair, it would loop due to a counter overflow. Found by @mbmcloughlin's fuzzers. https://groups.google.com/d/msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ
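The counter wrap behind that fix, as an added example that is not the x/crypto code or anything posted in the thread: Salsa20 keeps its 64-bit block counter in state words 8 (low) and 9 (high), each block is 64 bytes, so incrementing only the low word repeats the keystream after 2^32 blocks, which is exactly 256 GiB. The key and nonce below are constructed all-zero values and the core is written from the spec for this demo.

```go
package main
import "math/bits"
// qr is the Salsa20 quarter-round.
func qr(a, b, c, d uint32) (uint32, uint32, uint32, uint32) {
	b ^= bits.RotateLeft32(a+d, 7)
	c ^= bits.RotateLeft32(b+a, 9)
	d ^= bits.RotateLeft32(c+b, 13)
	a ^= bits.RotateLeft32(d+c, 18)
	return a, b, c, d
}
// salsaCore is Salsa20/20 on one 16-word state, written from the spec for this
// example (not the x/crypto code); s[8] and s[9] hold the 64-bit block counter.
func salsaCore(in [16]uint32) [16]uint32 {
	x := in
	for i := 0; i < 10; i++ {
		x[0], x[4], x[8], x[12] = qr(x[0], x[4], x[8], x[12])
		x[5], x[9], x[13], x[1] = qr(x[5], x[9], x[13], x[1])
		x[10], x[14], x[2], x[6] = qr(x[10], x[14], x[2], x[6])
		x[15], x[3], x[7], x[11] = qr(x[15], x[3], x[7], x[11])
		x[0], x[1], x[2], x[3] = qr(x[0], x[1], x[2], x[3])
		x[5], x[6], x[7], x[4] = qr(x[5], x[6], x[7], x[4])
		x[10], x[11], x[8], x[9] = qr(x[10], x[11], x[8], x[9])
		x[15], x[12], x[13], x[14] = qr(x[15], x[12], x[13], x[14])
	}
	for i := range x {
		x[i] += in[i]
	}
	return x
}
// BuggyAdvance models the broken counter logic: only the low word moves, so
// after 2^32 blocks (256 GiB) the state, and hence the keystream, repeats.
func BuggyAdvance(s *[16]uint32) { s[8]++ }
// FixedAdvance carries into the high word, honouring the full 64-bit counter.
func FixedAdvance(s *[16]uint32) {
	if s[8]++; s[8] == 0 {
		s[9]++
	}
}
// KeystreamRepeats reports whether the block right after counter 2^32-1 equals
// block 0 under the given advance. Key and nonce are constructed all-zero.
func KeystreamRepeats(advance func(*[16]uint32)) bool {
	var s [16]uint32
	s[0], s[5], s[10], s[15] = 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574 // "expand 32-byte k"
	block0 := salsaCore(s)
	s[8] = 0xffffffff // the last block before the 256 GiB mark
	advance(&s)
	return salsaCore(s) == block0
}
```

With the buggy increment the block after the 256 GiB mark is identical to block 0, i.e. keystream reuse under the same key and nonce; the carry fix makes it a fresh block.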
The issue is also present in the upstream implementations from SUPERCOP, NaCl and from the official Salsa20 website, but it will not be fixed there because the author does not consider it a problem. (Because NaCl tells you not to encrypt messages bigger than 4 KiB.)
Replying to @BRIAN_____
The code already accepted 64-bit counters, it just had a bit of broken logic in the assembly. https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d%5E%21/#F1
Replying to @FiloSottile @BRIAN_____
This is why you don't write per-arch asm for crypto... Nobody but datacenters benefits from crypto perf but everybody's safety suffers.
Replying to @RichFelker @BRIAN_____
I am the one that has to review it, so trust me when I say I would do away with assembly in a heartbeat, but no, it's not that simple. Battery life suffers greatly from inefficient implementations, and asm is what makes some crypto viable on some low powered devices.
Replying to @FiloSottile @BRIAN_____
What battery-powered (esp x86_64) device has sufficient crypto volume that efficiency of the crypto has any measurable effect on battery life?
Replying to @RichFelker @BRIAN_____
This would actually be something I'd love to read even an empirical study on, but my intuition is "most laptops" given how everything is TLS these days. As an anecdote, WireGuard was having trouble on iOS because of the lack of arm64 ChaCha20 assembly in Go.
FWIW, we're still itching for arm64 Poly1305 in Go...