Hacker News new | past | comments | ask | show | jobs | submit login

The author seems to favor XChaCha20 over ChaCha20, even though XChaCha20 is not part of any formal standard or any widely know paper. [1] It would be interesting to know what DJB (the author of ChaCha20) thinks about XChaCha20 and related variants.

[1] http://crypto.stackexchange.com/a/34605




I took some liberty here, but this is a straightforward derivation of XSalsa20. I trust XChacha20 just as strongly as I trust Chacha20.

The same cannot be said about my implementation however. I haven't found test vectors for XChacha20, so for now I have to rely on code review (only my own eyes so far) to ascertain its correctness. Not ideal.

Also I don't favour XChacha20 over Chacha20, because it is slightly slower to initialise. If a 64-bit nonce is enough, I'll use Chacha20. Maybe I should make this clear in my article.


Well, NaCl (DJB's encryption library) uses XChaCha20, doesn't it?

Edit: Nope, it's XSalsa20.


NaCl provides Salsa20 and XSalsa20 (https://nacl.cr.yp.to/stream.html).

libsodium adds ChaCha20 (https://download.libsodium.org/doc/advanced/chacha20.html) but not XChaCha20.


That's coming soon: https://github.com/jedisct1/libsodium/blob/master/src/libsod...


ugh, an extra ietf variant that pads the remaining 64-bit from the nonce to fit 96 bit thats incompatible with all the implementations out there... :-(

why can't we get our shit together...


NaCl supports several secret key encryption algorithms: http://nacl.cr.yp.to/stream.html

aes-128 in counter mode, Salsa20 with 8, 12 and 20 rounds and XSalsa with 20 rounds.

Som other implementations of NaCl/Sodium have restricted the different algs. TweekNaCl only supports XSalsa20 and Salsa20.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: