Today we published a security fix for http://golang.org/x/crypto/salsa20 …. If you generated more than 256 GiB of output from a single key+nonce pair, it would loop due to a counter overflow. Found by @mbmcloughlin's fuzzers. https://groups.google.com/d/msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ …
-
... I can well imagine someone encrypting a snapshot of that size. The MAC/tag are valid, it'll pass the simple corruption tests, and even a full read-back test will work if the bug is deterministic (it looks to be to me) ... but now post-fix, it might be made unrestorable :(
-
This is bad. But what would you suggest? Re-introducing the bug so that they can decrypt their file? That’s obviously not an option. And the previous behavior can still be emulated.