David Benjamin
Yeah, to be honest, I often find VS Code's tooltips to be a bit hectic. I'm sure it's confirmation bias, but it feels like it's never there when I want...
I think the right way to think about this is that IETF ChaCha20 and 64/64 ChaCha20 are related but different primitives. It is unfortunate that they have the same name,...
Also keep in mind that wanting to start the block counter at a high value like you're suggesting doesn't make much sense. So while they are formally different primitives, if...
There _can_ be a reason to specify the counter if you're trying to reserve some counter values for miscellaneous things (as the AEAD does), or resuming a stream across two...
Arguably the spec doesn't actually say you're supposed to wrap around. Though it mostly doesn't say anything either way: > ChaCha20 successively calls the ChaCha20 block function, with the same...
> The RFC is not prescriptive about the counter's initial value (it suggests 0 or 1, but only as a suggestion), so emphasizing that the counter's increment is defined modulo...
Being loose with pointers isn't allowed in C/C++. Calling a function pointer through the wrong type is undefined behavior, and the compiler is allowed to generate code as if it...
I'm not exactly sure what partitioning means, or what it'd mean for the TLS 1.3 code to use `take()`. (The client doesn't know what version will be used yet. This...
Do note this discussion from the TLSWG https://mailarchive.ietf.org/arch/msg/tls/6y8wTv8Q_IPM-PCcbCAmDOYg6bM/
Another bug with the current documentation is it implies you need only avoid reuse on the full 128-bit nonce: > nonce – Should be unique, a [nonce](https://cryptography.io/en/latest/glossary/#term-nonce). It is critical...