Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Question about nonce size in xchacha20poly1305 #580

Closed
sinolopes opened this issue Feb 19, 2024 · 2 comments
Closed

Question about nonce size in xchacha20poly1305 #580

sinolopes opened this issue Feb 19, 2024 · 2 comments

Comments

@sinolopes
Copy link

sinolopes commented Feb 19, 2024
edited
Loading

Hello,

I noticed that in the xchacha20poly1305 library version 0.10.1, the nonces used are 19 bytes long, whereas the XChaCha20-Poly1305 specification (RFC 7539) recommends nonces of 24 bytes. Why was this difference in nonce size chosen in this particular implementation?

I'm curious to understand the reasons behind this choice and whether there are specific security, performance, or interoperability considerations that led to this decision.

Thank you for your time and clarification on this matter.

let nonce: [u8; 19] = generate_nonce();

///should work with this code:
///let nonce: [u8; 24] = generate_nonce();

let key: [u8; 32] = generate_key();
let aead = XChaCha20Poly1305::new(key.as_ref().into());

let mut stream_encryptor = stream::EncryptorBE32::from_aead(aead, nonce.as_ref().into());
@tarcieri
Copy link
Member

The STREAM encryptor manages a portion of the nonce for you. Namely the “BE32” flavor of STREAM uses a 32-bit counter and 1-byte last block flag. 24 - 4 - 1 = 19

@sinolopes
Copy link
Author

thank you very much for your response

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tarcieri @sinolopes