ChaCha20 Rekey Frequency

Damien Miller djm at mindrot.org
Thu Mar 30 14:03:25 AEDT 2023


On Wed, 29 Mar 2023, Thorsten Glaser wrote:

> Hi Damien,
> 
> >This is what I'm playing with at the moment:
> 
> if you’re playing with this currently anyway, shouldn’t…
> 
> >+	/*
> >+	 * Otherwise, use the RFC4344 s3.2 recommendation of 2**(L/4) blocks
> >+	 * before rekeying where L is the blocksize in bits.
> >+	 * Most other ciphers have a 128 bit blocksize, so this equates to
> >+	 * 2**32 blocks / 64GB data.
> >+	 */
> >+	return (uint64_t)1 << (c->block_size * 2);
> 
> … this get an upper bound? This is UB for 256-bit blocksizes
> at least…

block sizes in struct sshcipher are in bytes, not bits


More information about the openssh-unix-dev mailing list