EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Support for ChaCha20/Poly1305 authenticated encryption mode in SSH and TLS

Posted: 07/31/2014 15:20:29
by VoxPopuli Robot  (Team)

ChaCha20 is a stream cipher designed by Daniel Bernstein. It operates by permuting 128 fixed bits, 128 or 256 bits of key, a 64 bit nonce and a 64 bit counter into 64 bytes of output. This output is used as a keystream, with any unused bytes simply discarded.

Poly1305, also by Daniel Bernstein, is a one-time Carter-Wegman MAC that computes a 128 bit integrity tag given a message and a single-use 256 bit secret key.

The chacha20-poly1305@openssh.com combines these two primitives into an authenticated encryption mode. The construction used is based on that proposed for TLS by Adam Langley, but differs in the layout of data passed to the MAC and in the addition of encyption of the packet lengths.


If you like the idea, vote for it on https://www.eldos.com/sbb/wishlist.php
Posted: 08/17/2014 09:41:36
by Eugene Mayevski (Team)

We implement only those algorithms which are accepted as standards. Drafts in many cases don't get such status, and implementing all drafts would be waste of time. But if the algorithms becomes a standard, we surely implement it in order to maintain maximum standard compliance.

Sincerely yours
Eugene Mayevski
Posted: 09/12/2014 19:48:41
by Charles DeWeese (Standard support level)
Joined: 04/17/2008
Posts: 53

Typically I would agree with that logic, Many drafts end up going no-where and its a waste of time and resources implementing something that is only used by less than 1%

However lately chacha20-poly1305 is becoming all the rave, due to its strength and speed. I plan on deploying chacha20-poly1305 on my web server for HTTPS in the coming weeks.

That being said I would love to see someone reconsider chacha20-poly1305 for the next SecureBlackBox update. The OpenSSL guys already have it in the latest dev snapshot but no official stable release. It would be great if SSB could introduce support or at least start on it.

I personally don't do much mobile development but I see chacha20-poly1305 being a game changer for secure communication for mobile devices.

Posted: 01/13/2015 10:57:05
by Christian Hermann (Standard support level)
Joined: 06/07/2014
Posts: 3

What`s the state of this feature?

Is there a chance to get this in 2015?
Posted: 01/13/2015 11:05:32
by Eugene Mayevski (Team)

It has been added to the ToDo list. There's a good chance to have it in '2015.

Sincerely yours
Eugene Mayevski
Posted: 01/29/2015 05:59:32
by VoxPopuli Robot  (Team)

Idea status has been changed to Planned
Posted: 06/25/2015 01:00:29
by VoxPopuli Robot  (Team)

Idea status has been changed to In progress
Posted: 06/25/2015 01:08:20
by Christian Hermann (Standard support level)
Joined: 06/07/2014
Posts: 3

good news!
Posted: 06/25/2015 01:14:26
by Eugene Mayevski (Team)

The algorithms have been implemented, now we are adding them to SSH with TLS to follow.

Sincerely yours
Eugene Mayevski
Posted: 06/25/2015 01:23:03
by Christian Hermann (Standard support level)
Joined: 06/07/2014
Posts: 3

Is there already a release date?



Topic viewed 4636 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!