Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

avoid nonce reuse for large payloads #11

Merged
merged 2 commits into from Feb 8, 2023
Merged

avoid nonce reuse for large payloads #11

merged 2 commits into from Feb 8, 2023

Conversation

CluEleSsUK
Copy link
Contributor

due to using a counter size of 32bits in the stream cipher, only up to 256TB may be encrypted before a nonce reuse would occur. This solution checks if the counter has reached the limit on every increment.
This may add overhead or may be free on some engines and I haven't benchmarked it

@CluEleSsUK CluEleSsUK marked this pull request as draft December 20, 2022 18:50
@CluEleSsUK
Copy link
Contributor Author

Converting to a draft so nobody merges it until I'll I've done some perf testing

@CluEleSsUK CluEleSsUK mentioned this pull request Jan 9, 2023
Closed
@CluEleSsUK CluEleSsUK linked an issue Jan 9, 2023 that may be closed by this pull request
tlock-js: stream cipher encryption nonce reuse drand/tlock#40
Closed
@CluEleSsUK
avoid nonce reuse for large payloads
843389a 
due to using a counter size of 32bits in the stream cipher, only up to
256TB may be encrypted before a nonce reuse would occur.
This solution checks if the counter has reached the limit on every
increment.
This _may_ add overhead or _may_ be free on some engines and I haven't
benchmarked it
@CluEleSsUK
Copy link
Contributor Author

CluEleSsUK commented Jan 23, 2023
edited

So I've successfully tested this with a payload of 2^28 chars. Theoretically V8 should be able to handle 2^29 - 24 chars, but when I try with this I get the error Error: Cannot create a string longer than 0x1fffffe8 characters... which equates to 2^29 -24 haha. Tried a few lower just in case it's a funky bounds check, but to no avail.

Either way, I think this is a reasonable limitation for now.

If people have a use case for encrypting massive payloads they may have to resort to the go lib or do some fiddling themselves.

@CluEleSsUK CluEleSsUK marked this pull request as ready for review January 23, 2023 09:00
AnomalRoil
AnomalRoil approved these changes Feb 8, 2023
View reviewed changes
src/age/stream-cipher.ts Outdated Show resolved Hide resolved
@AnomalRoil AnomalRoil merged commit 9057474 into master Feb 8, 2023
@AnomalRoil AnomalRoil deleted the fix/nonce-reuse branch February 8, 2023 16:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AnomalRoil AnomalRoil AnomalRoil approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

tlock-js: stream cipher encryption nonce reuse
2 participants
@CluEleSsUK @AnomalRoil