From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from v1.tansi.org (mail.tansi.org [84.19.178.47])
	by mail.server123.net (Postfix) with ESMTP
	for ; Tue, 4 Sep 2018 17:53:54 +0200 (CEST)
Received: from gatewagner.dyndns.org (unknown [212.51.156.222])
	by v1.tansi.org (Postfix) with ESMTPA id 0E347140299
	for ; Tue, 4 Sep 2018 17:53:24 +0200 (CEST)
Date: Tue, 4 Sep 2018 17:53:53 +0200
From: Arno Wagner
Message-ID: <20180904155353.GA13223@tansi.org>
References: <7d665e737009eb0fc23e27b1a0d92686ac7766ca.camel@scientia.net>
	<92170563-5d45-1e5b-2171-5dbe4cc5b8b9@gmail.com>
	<4f3d7334b750aa0740b4b32de8f5a25797ee029d.camel@scientia.net>
	<3024b983-4fb6-822c-94f4-214b2f5f45f8@gmail.com>
	<057603b335d18e20d69822a9f9e1b37a8512c32a.camel@scientia.net>
	<5903f0a7-93a9-0066-f0f8-bbd6d66a1db5@gmail.com>
	<4dfe02059c02f38381ab16ee5b96716fe46cf51a.camel@scientia.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4dfe02059c02f38381ab16ee5b96716fe46cf51a.camel@scientia.net>
Subject: Re: [dm-crypt] some questions on dm-crypt/cryptsetup and LUKS2+integrity
To: dm-crypt@saout.de

On Tue, Sep 04, 2018 at 14:49:29 CEST, Christoph Anton Mitterer wrote:
> On Mon, 2018-09-03 at 09:48 +0200, Milan Broz wrote:
> > sorry for long delay, I was most of the time offline.
> Thanks, and no worries :-)
>
>
> > On 19/08/18 19:27, Christoph Anton Mitterer wrote:
> > > - ChaCha20 seems to have all 128 bit IV... but is this correct?
> > > I've modprobed chacha20poly1305 ... but at least there's no
> > > reference to poly1305 in /proc/crypto
> >
> > No, we use RFC7539 wrapper for Chacha20-poly1305 and here the nonce
> > is only 96bit.
> >
> > So the same probability of collision as in GCM, just a nonce
> > collision does not cause such fatal failure as in GCM.
>
> Are there any plans to provide ChaCha20/Poly1305 with larger nonces in
> the future?

I don't think that is a concern. 96bit, even if randomly chosen,
is unlikely to collide in the remaining lifetime of this
star-system.

Regards,
Arno

-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier