On 2020-01-31 11:05, Mark Rotteveel wrote:
I'd really appreciate a reply to this.
Sorry Mark, a bit busy with another issue (decfloat - related). Will
answer soon.
Mark
On 26-01-2020 14:01, Mark Rotteveel wrote:
The RFC-8439 specification of ChaCha20 defines only a 256 bit key,
but the way the Srp authentication protocol in Firebird works, will
generate a 160 bit key. Looking through the implementation in
Firebird, this will result in using a 128 bit key (the first 128 bits
of the key).
However, as RFC-8439 specifies a 256 bit key, a lot of
implementations of ChaCha20 only support a 256 bit key. As a result,
I think interoperability will be hard.
In the 128 bit variant, the first bytes of the initialization are
(see [1]):
"expand 16-byte k"
and the key is repeated to get a length of 256 bit, while in the 256
bit variant the first bytes are:
"expand 32-byte k"
Maybe instead the key should be stretched to 256 bit (eg using
SHA256) instead? This would ensure that a 256 bit key is always used,
and allows interoperability with implementations that only support
256 bit keys.
In addition, this would reduce key length for auth plugins generating
longer keys while not just discarding bits.
Mark
[1]:
https://github.com/libtom/libtomcrypt/blob/develop/src/stream/chacha/chacha_setup.c#L19
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
