Comments (3)
As a general policy, we should have information on that, and presently don't, which is bad.
That said, I will follow up with you via private email to discuss possible options.
from stream-ciphers.
I'll go ahead and disclose this issue, saying up front that in my assessment it does not impact users of the chacha20poly1305
crate (main vicarious users of this crate today), which honors the maximum plaintext length (P_MAX
) described in RFC 8439 Section 2.8 and therefore should prevent this issue:
https://github.com/RustCrypto/AEADs/blob/master/chacha20poly1305/src/cipher.rs#L55
Anyone using the chacha20
crate directly through the SyncStreamCipher
and SyncStreamCipherSeek
APIs can potentially overflow the 32-bit counter value, leading to nonce reuse. This would occur after encrypting 2^32 blocks of data (~256GB), or seeking to a point in the keystream where the counter overflows, leading to nonce reuse.
This crate has a chacha20::MAX_BLOCKS
constant set to the correct value, however it isn't honored when using the stream-cipher
traits.
I'm disclosing in advance with it unpatched because of both the low exploitability and relatively small number of non-chacha20poly1305
usages of this crate.
I will prepare a small fix, do another release, and also file a RustSec issue about it.
from stream-ciphers.
I just released a stopgap fix for this which panics in chacha20
v0.2.3, and yanked all previous releases of the chacha20
crate.
I opened #70 to track adding a falliable API to salsa20-core
to avoid panicking in these situations.
from stream-ciphers.
Related Issues (20)
- Please publish aes-ctr v0.5 to crates.io HOT 2
- request for rabbit cipher HOT 1
- ctr: block size vs counter size naming HOT 3
- XChaCha20 unnecessarily limits keystream to 256gb HOT 6
- Missing algorithms HOT 4
- Remove circular dependencies on `aes` crate HOT 1
- why chacha20 seek only works up to 2^37 while xchacha20 seek works up to 2^62? HOT 1
- out of range for slice of length 16 HOT 5
- chacha20: Add wide (4-block) AVX2 impl
- Port chacha20 SIMD backends
- Locking `zeroize` to `<=1.5` for `chacha` prevents compiling with `num-bigint-dig v0.8.1` (for `rsa 0.6.0-pre`) HOT 3
- version 0.9.0 does not compile on Arduino architecture HOT 1
- chacha20: SIGSEGV in CI HOT 8
- Publish `chacha20` crate which is available `neon` feature HOT 1
- Make the neon feature available for ChaCha20 HOT 3
- Does it allow to call decryption method explicitly? HOT 1
- Add more test vectors to salsa20 ? HOT 8
- chacha20: 64-bit counter support HOT 3
- `chacha20` is missing `.zeroize()` for the SIMD backends HOT 16
- No performance improvements with `-Ctarget-feature=+neon` on `arm64` HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from stream-ciphers.