Introduction of XChaCha20Poly1305 (Was: [ANNOUNCE] Snapshot `0.0.20161223` Available)

Baptiste Jonglez baptiste at
Sun Dec 25 23:42:25 CET 2016


On Fri, Dec 23, 2016 at 09:15:28PM +0100, Jason A. Donenfeld wrote:
>   * cookies: use xchacha20poly1305 instead of chacha20poly1305
>   This is a big change. To simplify the security analysis, improve speed, and
>   simplify the code, we now use XChaChaPoly1305 with a random 24-byte nonce,
>   instead of using a random 32-byte salt.

- Is this backwards compatible?

- Could you provide references describing XChaCha20Poly1305 and the
  differences with ChaCha20Poly1305?

- What part of the protocol does this change?  Is it just the initial key

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <>

More information about the WireGuard mailing list