2013.11.22 03:16:19 (403708492193607680) from Daniel J. Bernstein, replying to "Solar Designer (@solardiz)" (403619386202013696):
Chromium should fix the code, but is there actually a security issue? Doesn't the protocol limit stream size to packet size? @solardiz
2013.11.21 21:22:15 (403619386202013696) from "Solar Designer (@solardiz)":
Authors have dropped a 0-day on page 9. ;-) Vector implementation of ChaCha20 in NSS/OpenSSL in Chromium will reuse keystream after 256 GB.