OpenSSH Has a New Cipher — Chacha20-poly1305 — from D.J. Bernstein

← Back to Stories (view on slashdot.org)

OpenSSH Has a New Cipher — Chacha20-poly1305 — from D.J. Bernstein

Posted by Unknown on Wednesday December 11, 2013 @05:52AM from the cha-cha-cha dept.

First time accepted submitter ConstantineM writes "Inspired by a recent Google initiative to adopt ChaCha20 and Poly1305 for TLS, OpenSSH developer Damien Miller has added a similar protocol to ssh, chacha20-poly1305@openssh.com, which is based on D. J. Bernstein algorithms that are specifically optimised to provide the highest security at the lowest computational cost, and not require any special hardware at doing so. Some further details are in his blog, and at undeadly. The source code of the protocol is remarkably simple — less than 100 lines of code!"

11 of 140 comments (clear)

Min score:

Reason:

Sort:

100 lines is meaningless by Guspaz · 2013-12-11 05:59 · Score: 4, Insightful

The referenced source file has no actual implementation of the encryption in it, so claiming 100 lines is a bit silly...
1. Re:100 lines is meaningless by hawguy · 2013-12-11 06:51 · Score: 5, Insightful
  
  The referenced source file has no actual implementation of the encryption in it, so claiming 100 lines is a bit silly...
  Using their metric of excluding the function calls that do the real work, OpenSSL only needs one line of source code to encrypt a file:
  
  #!/bin/bash
  openssl enc -aes-256-cbc -salt -in somefile.txt -out somefile.txt.enc
2. Re:100 lines is meaningless by lgw · 2013-12-11 06:52 · Score: 4, Funny
  
  And being DJB, surely some of that 300 lines is comments insulting all his fellow cryptographers, the users, and generally complaining that the world is full of idiots?
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
3. Re:100 lines is meaningless by punman · 2013-12-11 06:53 · Score: 4, Interesting
  
  I read through the implementation presented and the additional ~200 lines of code for each of the authentication (poly1305) and encryption (chacha.c) pieces of this protocol. Coming from the perspective of an experienced coder but relative crypto novice this just looks like a very sophisticated shifting algorithm (like ROT13, on steroids) keyed on the TCP sequence number. Is this considered acceptable security for a data stream? I'm honestly curious, I haven't played around with crypto functions very much.
4. Re:100 lines is meaningless by Anonymous Coward · 2013-12-11 07:05 · Score: 5, Informative
  
  That's how you do a try...finally block in C.
Pastebin mirror of code by Anonymous Coward · 2013-12-11 06:02 · Score: 5, Informative

http://pastebin.com/3YaRWXFs
1. Re:Pastebin mirror of code by damaki · 2013-12-11 06:24 · Score: 4, Informative
  
  Wow it's less 100 lines (excluding chacha_ivsetup, chacha_encrypt_bytes AND poly1305_auth). So I guess it's not 100 lines...
  
  --
  Stupidity is the root of all evil.
Thank you Damien by flyingfsck · 2013-12-11 06:10 · Score: 4, Funny

This is great news.

--
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Re:Does DJB insist that the library ... by Anonymous Coward · 2013-12-11 06:29 · Score: 5, Informative

/var is meant for variable content. Such as the mail spool and tmp directory. Data on this filesystem often comes from external sources such as email. It is recommended for this file system to be mounted with noexecute flag to reduce the likelihood of a downloaded data to be executed.
Having binaries on /var means that this filesystem can not be mounted with this option and therefor reduces security a bit.
Re:lame name by Anonymous Coward · 2013-12-11 06:41 · Score: 5, Informative

SSH extensions are all specified by ASCII names. Standard extensions have names like "shell", "x11", and "port-forward", while vendor-specific extensions use names like "foo@openssh.com" or "bar@putty.org" so there's no naming collision risk.
Re:Does DJB insist that the library ... by Aighearach · 2013-12-11 06:46 · Score: 5, Informative

Because on production servers it is common to have var on it's own partition, and that is the filesystem that holds the logs, which an attacker can cause data to be written to. Also it has to be writable by the running services, and allowing services to write and execute new binaries is a step in many attacks. So it is a typical thing a sysadmin wants to do, to prevent executing code there.
That said, the distro I'm using puts the executables under /usr regardless of where the upstream developer wants them to go. That isn't a decision for the app, it is one for the distro.