summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2013-12-05 10:22:57 +1100
committerDamien Miller <djm@mindrot.org>2013-12-05 10:22:57 +1100
commit114e540b15d57618f9ebf624264298f80bbd8c77 (patch)
tree413e91a3ab8ba326342c0e630e53a2623d2e0a23
parente4870c090629e32f2cb649dc16d575eeb693f4a8 (diff)
- djm@cvs.openbsd.org 2013/12/02 02:50:27
[PROTOCOL.chacha20poly1305] typo; from Jon Cave
-rw-r--r--ChangeLog3
-rw-r--r--PROTOCOL.chacha20poly13054
2 files changed, 5 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index 336cb2af..1aa9e80e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,9 @@
- djm@cvs.openbsd.org 2013/12/01 23:19:05
[PROTOCOL]
mention curve25519-sha256@libssh.org key exchange algorithm
+ - djm@cvs.openbsd.org 2013/12/02 02:50:27
+ [PROTOCOL.chacha20poly1305]
+ typo; from Jon Cave
20131121
- (djm) OpenBSD CVS Sync
diff --git a/PROTOCOL.chacha20poly1305 b/PROTOCOL.chacha20poly1305
index c4b723af..9cf73a92 100644
--- a/PROTOCOL.chacha20poly1305
+++ b/PROTOCOL.chacha20poly1305
@@ -47,7 +47,7 @@ cipher by decrypting and using the packet length prior to checking
the MAC. By using an independently-keyed cipher instance to encrypt the
length, an active attacker seeking to exploit the packet input handling
as a decryption oracle can learn nothing about the payload contents or
-its MAC (assuming key derivation, ChaCha20 and Poly1306 are secure).
+its MAC (assuming key derivation, ChaCha20 and Poly1305 are secure).
The AEAD is constructed as follows: for each packet, generate a Poly1305
key by taking the first 256 bits of ChaCha20 stream output generated
@@ -101,5 +101,5 @@ References
[3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley
http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
-$OpenBSD: PROTOCOL.chacha20poly1305,v 1.1 2013/11/21 00:45:43 djm Exp $
+$OpenBSD: PROTOCOL.chacha20poly1305,v 1.2 2013/12/02 02:50:27 djm Exp $