Advisories for Golang/Github.com/Flynn/Noise package

2022

Noise vulnerable to uncontrolled resource consumption

The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (~18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to be encrypted with the same key and nonce. In a separate issue, the Decrypt function increments the nonce state even when it fails to decrypt a message. If an …

Improper nonce handling: potential overflow, potential state DoS

The Go package github.com/flynn/noise, a Noise Protocol implementation, has two bugs in nonce handling in versions prior to v1.0.0. Issue 1: Potential nonce overflow If 2^64 (~18.4 quintillion) or more messages are encrypted with Encrypt after handshaking, the nonce counter will wrap around, causing multiple messages to be encrypted with the same key and nonce, resulting in a potentially catastrophic weakening of the security properties of the symmetric cipher. This …