Introduction of XChaCha20Poly1305 (Was: [ANNOUNCE] Snapshot `0.0.20161223` Available)
Baptiste Jonglez
baptiste at bitsofnetworks.org
Sun Dec 25 23:42:25 CET 2016
Hi,
On Fri, Dec 23, 2016 at 09:15:28PM +0100, Jason A. Donenfeld wrote:
> * cookies: use xchacha20poly1305 instead of chacha20poly1305
>
> This is a big change. To simplify the security analysis, improve speed, and
> simplify the code, we now use XChaChaPoly1305 with a random 24-byte nonce,
> instead of using a random 32-byte salt.
- Is this backwards compatible?
- Could you provide references describing XChaCha20Poly1305 and the
differences with ChaCha20Poly1305?
- What part of the protocol does this change? Is it just the initial key
exchange?
Thanks,
Baptiste
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20161225/490964a6/attachment.asc>
More information about the WireGuard
mailing list