Lines Matching +full:one +full:- +full:wire

1 This document describes the chacha20-poly1305@openssh.com authenticated
5 ----------
12 Poly1305[2], also by Daniel Bernstein, is a one-time Carter-Wegman MAC
13 that computes a 128 bit integrity tag given a message and a single-use
16 The chacha20-poly1305@openssh.com combines these two primitives into an
23 -----------
25 The chacha20-poly1305@openssh.com offers both encryption and
27 chacha20-poly1305@openssh.com cipher is selected in key exchange,
32 ---------------------
34 The chacha20-poly1305@openssh.com cipher requires 512 bits of key
49 the MAC. By using an independently-keyed cipher instance to encrypt the
57 uint64 under the SSH wire encoding rules and a ChaCha20 block counter of
58 zero. The K_2 ChaCha20 block counter is then set to the little-endian
63 ---------------
68 encoded as a uint64 under the usual SSH wire encoding and a zero block
72 before decryption. A per-packet Poly1305 key is generated as described
75 MAC is then compared in constant time with the one appended to the
85 --------
91 is followed, then chacha20-poly1305@openssh.com requires no special
95 ----------
98     http://cr.yp.to/chacha/chacha-20080128.pdf
100 [2] "The Poly1305-AES message-authentication code", Daniel Bernstein
101     http://cr.yp.to/mac/poly1305-20050329.pdf
104     http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03