Here's an even weirder quirk: if the message is empty, the tag is simply the second half of the key. Again makes sense because the tag will be 0 + s mod 2¹²⁸ which is fine because... ChaCha20Poly1305 derives the key from key + nonce and no one else uses Poly1305?
-
-
Prikaži ovu nit
-
Why did we expose Poly1305 in x/crypto again? 𝘱𝘪𝘤𝘬𝘴 𝘶𝘱 𝘥𝘦𝘱𝘳𝘦𝘤𝘢𝘵𝘪𝘰𝘯 𝘩𝘢𝘮𝘮𝘦𝘳
Prikaži ovu nit -
It's Sunday night, I'm at
@recursecenter, and I'm auditing uses of x/poly1305 to make a point. I'm terrified I'll find vulnerabilities in the process. Help?Prikaži ovu nit -
Well, before I got distracted by this horror while writing tests... I had just completed a long-running quest: the generic chacha20poly1305 code now has ZERO allocations, opening the door to separate chacha20 and poly1305 assembly \o/ https://go-review.googlesource.com/c/crypto/+/206977 …
Prikaži ovu nit -
Novi razgovor -
-
-
What is the poly api like?
-
There are a one-shot Sum/Verify one and a new Writer one that panics if you call Write after Sum/Verify. https://pkg.go.dev/golang.org/x/crypto/poly1305 …
- Još 5 drugih odgovora
Novi razgovor -
-
-
Something similar happens when the GCM authentication key E_k(0) = 0 - the tag verifies for any ciphertext (GMAC ends up being a constant polynomial)!
- Još 3 druga odgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.