diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2013-12-02 02:50:28 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2013-12-02 02:50:28 +0000 |
| commit | 4f126cf2a248d99b7f11642d78b9cd922f00d369 (patch) | |
| tree | d3d73f7d7caeb7f819b68b0bed7c6b2eae580aef /usr.bin/ssh | |
| parent | 8d6cc557ca0cb02a90d0e07475ec2aa2be2c6728 (diff) | |
typo; from Jon Cave
Diffstat (limited to 'usr.bin/ssh')
| -rw-r--r-- | usr.bin/ssh/PROTOCOL.chacha20poly1305 | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.bin/ssh/PROTOCOL.chacha20poly1305 b/usr.bin/ssh/PROTOCOL.chacha20poly1305 index c4b723aff35..9cf73a926bb 100644 --- a/usr.bin/ssh/PROTOCOL.chacha20poly1305 +++ b/usr.bin/ssh/PROTOCOL.chacha20poly1305 @@ -47,7 +47,7 @@ cipher by decrypting and using the packet length prior to checking the MAC. By using an independently-keyed cipher instance to encrypt the length, an active attacker seeking to exploit the packet input handling as a decryption oracle can learn nothing about the payload contents or -its MAC (assuming key derivation, ChaCha20 and Poly1306 are secure). +its MAC (assuming key derivation, ChaCha20 and Poly1305 are secure). The AEAD is constructed as follows: for each packet, generate a Poly1305 key by taking the first 256 bits of ChaCha20 stream output generated @@ -101,5 +101,5 @@ References [3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03 -$OpenBSD: PROTOCOL.chacha20poly1305,v 1.1 2013/11/21 00:45:43 djm Exp $ +$OpenBSD: PROTOCOL.chacha20poly1305,v 1.2 2013/12/02 02:50:27 djm Exp $ |