On Tue, Sep 10, 2013 at 10:59 PM, William Allen Simpson
wrote:
> I suggest:
>
>ChaCha20 is run with the given key and sequence number nonce and with
>
>the two counter words set to zero. The first 32 bytes of the 64 byte
>output are saved to become the one-time key for Poly1305. The
[attempt two, because I bounced off the mailing list the first time.]
On Tue, Sep 10, 2013 at 9:35 PM, William Allen Simpson
wrote:
>ChaCha20 is run with the given key and nonce and with the two counter
>words set to zero. The first 32 bytes of the 64 byte output are
>saved to become
On Wed, Sep 11, 2013 at 12:43 PM, William Allen Simpson
wrote:
> Thanks, this part I knew, although it would be good explanatory text to
> add to the draft.
Done.
> My old formulation from CBCS was developed during the old IPsec
> discussions. It's just simpler and faster to xor the per-packet
