Hi, On Fri, Dec 23, 2016 at 09:15:28PM +0100, Jason A. Donenfeld wrote: > * cookies: use xchacha20poly1305 instead of chacha20poly1305 > > This is a big change. To simplify the security analysis, improve speed, and > simplify the code, we now use XChaChaPoly1305 with a random 24-byte nonce, > instead of using a random 32-byte salt.
- Is this backwards compatible? - Could you provide references describing XChaCha20Poly1305 and the differences with ChaCha20Poly1305? - What part of the protocol does this change? Is it just the initial key exchange? Thanks, Baptiste
signature.asc
Description: PGP signature
_______________________________________________ WireGuard mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/wireguard
