ChaCha20 Rekey Frequency
Damien Miller
djm at mindrot.org
Thu Mar 30 14:21:26 AEDT 2023
On Thu, 30 Mar 2023, Thorsten Glaser wrote:
> On Thu, 30 Mar 2023, Damien Miller wrote:
>
> >> >+ return (uint64_t)1 << (c->block_size * 2);
> >>
> >> … this get an upper bound? This is UB for 256-bit blocksizes
> >> at least…
> >
> >block sizes in struct sshcipher are in bytes, not bits
>
> Yes, exactly.
>
> 256 bit = 32 bytes; 32*2 = 64; (uint64_t)1 << 64 is UB.
oops yes
there are no 256-bit block ciphers specified for SSH anyway and none are
likely to be specified any time soon; wide block ciphers are rare outside
of storage encryption
More information about the openssh-unix-dev
mailing list