diff options
Diffstat (limited to 'PROTOCOL.chacha20poly1305')
-rw-r--r-- | PROTOCOL.chacha20poly1305 | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/PROTOCOL.chacha20poly1305 b/PROTOCOL.chacha20poly1305 index c4b723aff..9cf73a926 100644 --- a/PROTOCOL.chacha20poly1305 +++ b/PROTOCOL.chacha20poly1305 | |||
@@ -47,7 +47,7 @@ cipher by decrypting and using the packet length prior to checking | |||
47 | the MAC. By using an independently-keyed cipher instance to encrypt the | 47 | the MAC. By using an independently-keyed cipher instance to encrypt the |
48 | length, an active attacker seeking to exploit the packet input handling | 48 | length, an active attacker seeking to exploit the packet input handling |
49 | as a decryption oracle can learn nothing about the payload contents or | 49 | as a decryption oracle can learn nothing about the payload contents or |
50 | its MAC (assuming key derivation, ChaCha20 and Poly1306 are secure). | 50 | its MAC (assuming key derivation, ChaCha20 and Poly1305 are secure). |
51 | 51 | ||
52 | The AEAD is constructed as follows: for each packet, generate a Poly1305 | 52 | The AEAD is constructed as follows: for each packet, generate a Poly1305 |
53 | key by taking the first 256 bits of ChaCha20 stream output generated | 53 | key by taking the first 256 bits of ChaCha20 stream output generated |
@@ -101,5 +101,5 @@ References | |||
101 | [3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley | 101 | [3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley |
102 | http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 | 102 | http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 |
103 | 103 | ||
104 | $OpenBSD: PROTOCOL.chacha20poly1305,v 1.1 2013/11/21 00:45:43 djm Exp $ | 104 | $OpenBSD: PROTOCOL.chacha20poly1305,v 1.2 2013/12/02 02:50:27 djm Exp $ |
105 | 105 | ||