I'd really appreciate a reply to this.
Mark
On 26-01-2020 14:01, Mark Rotteveel wrote:
The RFC-8439 specification of ChaCha20 defines only a 256 bit key, but
the way the Srp authentication protocol in Firebird works, will generate
a 160 bit key. Looking through the implementation in Firebird, this will
result in using a 128 bit key (the first 128 bits of the key).
However, as RFC-8439 specifies a 256 bit key, a lot of implementations
of ChaCha20 only support a 256 bit key. As a result, I think
interoperability will be hard.
In the 128 bit variant, the first bytes of the initialization are (see
[1]):
"expand 16-byte k"
and the key is repeated to get a length of 256 bit, while in the 256 bit
variant the first bytes are:
"expand 32-byte k"
Maybe instead the key should be stretched to 256 bit (eg using SHA256)
instead? This would ensure that a 256 bit key is always used, and allows
interoperability with implementations that only support 256 bit keys.
In addition, this would reduce key length for auth plugins generating
longer keys while not just discarding bits.
Mark
[1]:
https://github.com/libtom/libtomcrypt/blob/develop/src/stream/chacha/chacha_setup.c#L19
--
Mark Rotteveel
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
