  • Frankfurt, Germany
View Hkdf.cs
class Hkdf
Func<byte[],byte[],byte[]> keyedHash;
public Hkdf()
var hmac = new HMACSHA256();
keyedHash = (key, message)=>
View gist:8374632

While visiting 30c3, I attended the You-broke-the-Internet workshop on NaCl.

One thing mentioned in the talk was that auditing crypto code is a lot of work, and that this is one of the reasons why Ed25519 isn't included in NaCl yet (they promised a version including it for 2014). The speakers mentioned a bug in the amd64 assembly implementation of Ed25519 as an example of a bug that can only be found by auditing, not by randomized tests. This bug is caused by a carry being added in the wrong place, but since that carry is usually zero, the bug is hard to find (occurs with probability 2^{-60} or so).

The TweetNaCl paper briefly mentions this bug as well:

Partial audits have revealed a bug in this software (r1 += 0 + carry should be r2 += 0 + carry in amd64-64-24k) that would not be caught by random tests; this illustrates the importance of audits.

View Code
function LoginHash(string password, byte[] salt, int memSize, int queryCount, int maxParallelism)
return KDF(password, salt, memSize, queryCount, maxParallelism, "LoginVerification", 16)
function KDF(string password, byte[] salt, int memSize, int queryCount, int maxParallelism, string info, int outputSize)
masterKey = ComputeMasterKey(password, salt, memSize, queryCount, maxParallelism)
return HKDF-Expand(masterKey, info, outputSize) // For short outputs this is simply HMAC-SHA-256(masterKey, info || 0x01).Truncate(outputSize)
function ComputeMasterKey(string password, byte[] salt, int memSize, int queryCount, int maxParallelism)
requires memSize mod 16 = 0
requires memSize > 0
CodesInChaos / ArrayHelpers.cs
Created Jul 25, 2012
Base58 encoding in C# (Used for BitCoin addresses)
View ArrayHelpers.cs
using System;
using System.Diagnostics.Contracts;
using System.Linq;
namespace Merkator.Tools
public class ArrayHelpers
public static T[] ConcatArrays<T>(params T[][] arrays)
CodesInChaos / Curve25519Donna.cs
Created Jul 13, 2012
C# implementation of Curve25519
View Curve25519Donna.cs
using System;
using limb = System.Int64;
/* C# port by CodesInChaos
* ported from
* The original c code is BSD licensed (original license reproduced below)
* I put my contributions from porting in the public domain
*/
/* Copyright 2008, Google Inc.