EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Support for ChaCha20/Poly1305 authenticated encryption mode in SSH and TLS

Also by EldoS: Callback File System
Create virtual file systems and disks, expose and manage remote data as if they were files on the local disk.
#30181
Posted: 07/31/2014 15:20:29
by VoxPopuli Robot  (EldoS Corp.)

ChaCha20 is a stream cipher designed by Daniel Bernstein. It operates by permuting 128 fixed bits, 128 or 256 bits of key, a 64 bit nonce and a 64 bit counter into 64 bytes of output. This output is used as a keystream, with any unused bytes simply discarded.

Poly1305, also by Daniel Bernstein, is a one-time Carter-Wegman MAC that computes a 128 bit integrity tag given a message and a single-use 256 bit secret key.

The chacha20-poly1305@openssh.com combines these two primitives into an authenticated encryption mode. The construction used is based on that proposed for TLS by Adam Langley, but differs in the layout of data passed to the MAC and in the addition of encyption of the packet lengths.

http://bxr.su/OpenBSD/usr.bin/ssh/PRO...20poly1305
http://tools.ietf.org/html/draft-agl-...oly1305-01
http://tools.ietf.org/html/draft-mavr...cha-tls-02
http://googleonlinesecurity.blogspot....https.html

If you like the idea, vote for it on https://www.eldos.com/sbb/wishlist.php
#30391
Posted: 08/17/2014 09:41:36
by Eugene Mayevski (EldoS Corp.)

We implement only those algorithms which are accepted as standards. Drafts in many cases don't get such status, and implementing all drafts would be waste of time. But if the algorithms becomes a standard, we surely implement it in order to maintain maximum standard compliance.


Sincerely yours
Eugene Mayevski
#30715
Posted: 09/12/2014 19:48:41
by Charles DeWeese (Standard support level)
Joined: 04/17/2008
Posts: 52

Typically I would agree with that logic, Many drafts end up going no-where and its a waste of time and resources implementing something that is only used by less than 1%

However lately chacha20-poly1305 is becoming all the rave, due to its strength and speed. I plan on deploying chacha20-poly1305 on my web server for HTTPS in the coming weeks.

That being said I would love to see someone reconsider chacha20-poly1305 for the next SecureBlackBox update. The OpenSSL guys already have it in the latest dev snapshot but no official stable release. It would be great if SSB could introduce support or at least start on it.

I personally don't do much mobile development but I see chacha20-poly1305 being a game changer for secure communication for mobile devices.

http://googleonlinesecurity.blogspot.com/2014/04/speeding-up-and-strengthening-https.html
#31896
Posted: 01/13/2015 10:57:05
by Christian Hermann (Standard support level)
Joined: 06/07/2014
Posts: 3

What`s the state of this feature?

Is there a chance to get this in 2015?
#31897
Posted: 01/13/2015 11:05:32
by Eugene Mayevski (EldoS Corp.)

It has been added to the ToDo list. There's a good chance to have it in '2015.


Sincerely yours
Eugene Mayevski
#32036
Posted: 01/29/2015 05:59:32
by VoxPopuli Robot  (EldoS Corp.)

Idea status has been changed to Planned
#33778
Posted: 06/25/2015 01:00:29
by VoxPopuli Robot  (EldoS Corp.)

Idea status has been changed to In progress
#33779
Posted: 06/25/2015 01:08:20
by Christian Hermann (Standard support level)
Joined: 06/07/2014
Posts: 3

good news!
#33782
Posted: 06/25/2015 01:14:26
by Eugene Mayevski (EldoS Corp.)

The algorithms have been implemented, now we are adding them to SSH with TLS to follow.


Sincerely yours
Eugene Mayevski
#33783
Posted: 06/25/2015 01:23:03
by Christian Hermann (Standard support level)
Joined: 06/07/2014
Posts: 3

Is there already a release date?
Also by EldoS: Solid File System
A virtual file system that offers a feature-rich storage for application documents and data with built-in compression and encryption.

Reply

Statistics

Topic viewed 3893 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!