Today we published a security fix for http://golang.org/x/crypto/salsa20. If you generated more than 256 GiB of output from a single key+nonce pair, it would loop due to a counter overflow. Found by @mbmcloughlin's fuzzers. https://groups.google.com/d/msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ
The issue is also present in the upstream implementations from SUPERCOP, NaCl and from the official Salsa20 website, but it will not be fixed there because the author does not consider it a problem. (Because NaCl tells you not to encrypt messages bigger than 4 KiB.)
Replying to @FiloSottile
The cipher stream would cycle? Does that mean that the implementations are incompatible now and that >256 GiB of data would decrypt to garbage, while still having an EtM HMAC or Poly1305 tag pass?
Replying to @colmmacc
Well, yeah, that's what happens when the cipher stream is wrong. (Worse, since it cycles it breaks unpredictability and secrecy.) Not sure I understand your point?
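The counter overflow from the first tweet and the "MAC still passes" question above, as an added example that is not code from x/crypto or from any of the posters: a from-spec Salsa20/20 core in Go with the full 64-bit block counter, alongside a variant whose block index is truncated to 32 bits. That truncation is an assumption about the shape of the bug (a counter advanced only in its low word, never carrying into state word 9), not a copy of the fixed or unfixed Go code. It shows the 2^32 blocks × 64 bytes = 256 GiB arithmetic, that the truncated counter comes back around to block 0, that a fixed sender and an unfixed receiver disagree from block 2^32 on (so a MAC over the untouched ciphertext verifies while the plaintext comes out as garbage), and that XORing two ciphertext blocks encrypted under the repeated keystream yields the XOR of the plaintexts. The key, nonce and plaintexts are constructed values.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"math/bits"
)

// Salsa20 holds its block counter in state words 8 and 9 as a 64-bit little-endian
// integer, and each block is 64 bytes. An implementation that only ever advances
// word 8 therefore wraps after 2^32 blocks: 2^32 * 64 = 2^38 bytes = 256 GiB.
const (
	BlockSize       = 64
	WrapAfterBlocks = uint64(1) << 32
	WrapAfterBytes  = WrapAfterBlocks * BlockSize // 256 GiB
)

func quarterRound(a, b, c, d *uint32) {
	*b ^= bits.RotateLeft32(*a+*d, 7)
	*c ^= bits.RotateLeft32(*b+*a, 9)
	*d ^= bits.RotateLeft32(*c+*b, 13)
	*a ^= bits.RotateLeft32(*d+*c, 18)
}

// Salsa20Block computes one Salsa20/20 keystream block per the published spec.
func Salsa20Block(key *[32]byte, nonce [8]byte, counter uint64) [BlockSize]byte {
	var in [16]uint32
	in[0], in[5], in[10], in[15] = 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574 // "expand 32-byte k"
	for i := 0; i < 4; i++ {
		in[1+i] = binary.LittleEndian.Uint32(key[4*i:])
		in[11+i] = binary.LittleEndian.Uint32(key[16+4*i:])
	}
	in[6] = binary.LittleEndian.Uint32(nonce[0:])
	in[7] = binary.LittleEndian.Uint32(nonce[4:])
	in[8] = uint32(counter)       // low counter word
	in[9] = uint32(counter >> 32) // high counter word: never reached by a 32-bit increment
	x := in
	for r := 0; r < 20; r += 2 {
		quarterRound(&x[0], &x[4], &x[8], &x[12]) // column round
		quarterRound(&x[5], &x[9], &x[13], &x[1])
		quarterRound(&x[10], &x[14], &x[2], &x[6])
		quarterRound(&x[15], &x[3], &x[7], &x[11])
		quarterRound(&x[0], &x[1], &x[2], &x[3]) // row round
		quarterRound(&x[5], &x[6], &x[7], &x[4])
		quarterRound(&x[10], &x[11], &x[8], &x[9])
		quarterRound(&x[15], &x[12], &x[13], &x[14])
	}
	var out [BlockSize]byte
	for i := range x {
		binary.LittleEndian.PutUint32(out[4*i:], x[i]+in[i]) // feed-forward add
	}
	return out
}

// KeystreamBlock returns keystream block i. With wrap32 set, the index is truncated
// to 32 bits before it reaches the core, modelling (an assumption about the class of
// bug, not a copy of any real code) a counter that never carries into word 9.
func KeystreamBlock(key *[32]byte, nonce [8]byte, i uint64, wrap32 bool) [BlockSize]byte {
	if wrap32 {
		i = uint64(uint32(i))
	}
	return Salsa20Block(key, nonce, i)
}

// Cycles reports whether the keystream block after 256 GiB equals block 0.
func Cycles(key *[32]byte, nonce [8]byte, wrap32 bool) bool {
	return KeystreamBlock(key, nonce, 0, wrap32) == KeystreamBlock(key, nonce, WrapAfterBlocks, wrap32)
}

// TwoTimePadLeak encrypts p1 as block 0 and p2 as block 2^32 under the wrapping
// implementation and XORs the two ciphertext blocks. Since the keystream repeated,
// the result is p1 XOR p2: both ciphertexts (and any MAC over them) are well-formed,
// but secrecy is gone.
func TwoTimePadLeak(key *[32]byte, nonce [8]byte, p1, p2 [BlockSize]byte) [BlockSize]byte {
	k0 := KeystreamBlock(key, nonce, 0, true)
	kw := KeystreamBlock(key, nonce, WrapAfterBlocks, true)
	var leak [BlockSize]byte
	for i := range leak {
		leak[i] = (p1[i] ^ k0[i]) ^ (p2[i] ^ kw[i])
	}
	return leak
}

func main() {
	var key [32]byte
	copy(key[:], "constructed demo key, not a real secret") // constructed, truncated to 32 bytes
	nonce := [8]byte{1, 2, 3, 4, 5, 6, 7, 8}               // constructed
	fmt.Printf("keystream wraps after %d bytes (256 GiB)\n", WrapAfterBytes)
	fmt.Println("32-bit counter cycles back to block 0:", Cycles(&key, nonce, true))
	fmt.Println("64-bit counter cycles back to block 0:", Cycles(&key, nonce, false))
	// Fixed sender vs unfixed receiver: the ciphertext (and its MAC) is untouched,
	// but the receiver's keystream is wrong, so the plaintext comes out as garbage.
	fixed := KeystreamBlock(&key, nonce, WrapAfterBlocks, false)
	wrapping := KeystreamBlock(&key, nonce, WrapAfterBlocks, true)
	fmt.Println("fixed and wrapping agree at block 2^32:", fixed == wrapping)
}
```

Nothing here generates 256 GiB: the counter is seeked straight to block 2^32, which is exactly what a fuzzer or a unit test can do to catch this class of bug, and what a test vector with a high counter word protects against.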
Replying to @FiloSottile @colmmacc
With respect, I was scanning this thread (linked from elsewhere), and this specific tweet clued me in that you worked for Google before I clicked on your profile.
Replying to @QuinnyPig @colmmacc
Well, that’s concerning since I’ve only been at Google for a year and worked on open source the entire time. Have they hired me just for my tweeting style?
Anyway, not sure I understand your point? ;)
(Also, I know Colm and I know he wasn’t actually asking me to explain stream ciphers to him, not that you could have known this, but since you are commenting on our 1:1 interactions...)
I'll translate the undeserved snark
At AWS we have a fairly robust policy of no backwards incompatible changes ever. We'll rev new API versions for tiny things, to the point of parody, and we never turn off old services or APIs.
Sorry to inject, but...