paragonie-security
commented
2 years ago It's always supposed to be 32 bytes (256 bits).
Closed brycx closed 2 years ago
paragonie-security
commented
2 years ago It's always supposed to be 32 bytes (256 bits).
paragonie-security
commented
2 years ago We've made this explicit, rather than leaving developers to guess about this.
https://github.com/paseto-standard/paseto-spec/commit/500ef6730358e29c0d22836a17f22ba42de32ba4 + https://github.com/paseto-standard/paseto-spec/commit/09c3c5dc586fd4b7d6e21f3dd7c9e66c86270ed0
brycx
commented
2 years ago Thank you!
In
v2.localthe symmetric key, provided by the user, is passed directly to XChaCha20-Poly1305. This gives the key an implicit requirement of being 32 bytes in length. Inv4.local, the symmetric key is instead passed to BLAKE2b which supports keys in range of1..=64.I have so far not been able to find any place where the expected length of a symmetric key for
v4.localis defined. Is this intended to remain 32 as withv2.localor should an implementer support that which BLAKE2b does?Checking the PHP implementation, it seems to expect 32:
https://github.com/paragonie/paseto/blob/0d3558824bf77af36ad0cd6e4bb69dbd90ace3c9/src/Protocol/Version4.php#L52
In any case, I believe this could be worthwhile mentioning in the spec of Version 4. Or, perhaps, I've missed something obvious?