diff options
Diffstat (limited to 'bip-0151.mediawiki')
| -rw-r--r-- | bip-0151.mediawiki | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/bip-0151.mediawiki b/bip-0151.mediawiki index 793c244..8bc1197 100644 --- a/bip-0151.mediawiki +++ b/bip-0151.mediawiki @@ -85,7 +85,7 @@ a 64 bit nonce and a 64 bit counter into 64 bytes of output. This output is used Poly1305, also by Daniel Bernstein [4], is a one-time Carter-Wegman MAC that computes a 128 bit integrity tag given a message and a single-use 256 bit secret key. -The chacha20-poly1305@openssh.com specified and defined by openssh [5] combines these two primitives into an authenticated encryption mode. The construction used is based on that proposed for TLS by Adam Langley [6], but differs in the layout of data passed to the MAC and in the addition of encyption of the packet lengths. +The chacha20-poly1305@openssh.com specified and defined by openssh [5] combines these two primitives into an authenticated encryption mode. The construction used is based on that proposed for TLS by Adam Langley [6], but differs in the layout of data passed to the MAC and in the addition of encryption of the packet lengths. <code>K_1</code> must be used to only encrypt the payload size of the encrypted message to avoid leaking information by revealing the message size. |