[ 3 / biz / cgl / ck / diy / fa / ic / jp / lit / sci / vr / vt ] [ index / top / reports ] [ become a patron ] [ status ]
2023-11: Warosu is now out of extended maintenance.

/biz/ - Business & Finance


View post   

File: 271 KB, 768x768, 1542667111821.jpg [View same] [iqdb] [saucenao] [google]
13107213 No.13107213 [Reply] [Original]

BREAKING NEWS: Vulnerability in golang.org/x/crypto/salsa20

>Hello gophers,

>Commit b7391e95 (https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d)) fixes a vulnerability in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages that affects large message sizes or high counter values.

>If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.

>The issue might affect uses of golang.org/x/crypto/nacl with extremely large messages.

>Architectures other than amd64 and uses that generate less than 256 GiB of keystream for a single salsa20.XORKeyStream invocation are unaffected.

>The vulnerable code is derived from the amd64-xmm5 and amd64-xmm6 implementations that are distributed with SUPERCOP, NaCl and at https://cr.yp.to/snuffle.html.. The issue is present in those upstreams, but is not considered a problem by their author because of the policy at https://nacl.cr.yp.to/valid.html, and because support for counters larger than 32 bits is an incomplete experiment. We attach a patch that applies to the amd64-xmm5 and amd64-xmm6 salsa20.s files for any downstream that might want to fix this issue.

>This issue was discovered and reported by Michael McLoughlin.

>Cheers, Filippo for the Go team

https://groups.google.com/forum/#!msg/golang-announce/tjyNcJxb2vQ/n0NRBziSCAAJ

Daniel J. Bernstein responds

https://twitter.com/hashbreaker/status/1108637226089496577

tl;dr Gophers copy Salsa20 code from SUPERCOP, ignore warning that shit breaks after 256GiB

>> No.13107273
File: 3.57 MB, 3994x2244, 23D9BB7E-E99D-4168-8D2B-99789FC96993.jpg [View same] [iqdb] [saucenao] [google]
13107273

This is the most technical post on biz in years. Have a bump. Stay stinky. $1,000 EOY

>> No.13107313

WE ARE ALL IN THIS TOGETHER !!!!

>> No.13107315

Does Chainlink utilize ketchup packets larger than 256GiB? I need to return some videotapes and CBA to check right meow.

>> No.13107336

same in english?

>> No.13107346

>>13107336
we're fucked until they fix this

>> No.13107352

>>13107346
shit man

>> No.13107354

KEK
and linkies still fucking think mainnet comes out 2019??? These are deep core mechanics that are malicious. It ain't a simple fix.

>> No.13107355

EXPLAIN FOR BRAINLETS IS FUNDS SAFU ?

>> No.13107365

>>13107346
Why would you assume Thomas would copy/paste code from Salsa20 without first reading the file name? You know he posts here, right? Delete that before he sees it.

>> No.13107397

>>13107213
it's literally, unironically, without doubt or deviation, over.

>> No.13107398

>>13107213
This is above my brain level. I sure hope someone smart fixes it lol

>> No.13107406

LOL imagine investing in a real crypto project. all the money is in scams where u sell before anything is even realised.

>> No.13107411

>>13107213
WHAT THE ACTUAL FUCK? I knew that they weren't good at coding, but I learnt about this issue in my coding course for starters

>> No.13107956

bump does this even have anything to do with LINK lol

>> No.13107969

ok I just sold...

>> No.13108024

>>13107213
thanks just bought 100k

>> No.13108037

I """INVESTED""" IN THE 3RD INDUSTRIAL REVOLUTION, NOT JARS OF FUCKING SALSA, SIRGAY!!!!!!

>> No.13108042

>>13108037
Packets you philistine, packets! Salsa comes in packets!

>> No.13108050

>>13107213
Explain this shit

>> No.13108124

>>13108042
Salsa packets is bullish, i’m all in b/c of coffee cup parity, and i put salsa on my eggs every morning. Salsa and coffee cups for life is what I considered making it

>> No.13108155

>>13108124
I prefers the delicious tomato soup packets McDonalds provides, complimentary I might add, with every Happy Meal.

>> No.13108549
File: 170 KB, 832x1024, DmUIo95WwAAUDrB.jpg [View same] [iqdb] [saucenao] [google]
13108549

(((Bernstein)))