[tahoe-dev] Using a cipher cascade
David-Sarah Hopwood
david-sarah at jacaranda.org
Mon Jan 4 21:54:34 PST 2010
David-Sarah Hopwood wrote:
> Note that with this approach, the extended nonce in XSalsa
> (http://cr.yp.to/snuffle/xsalsa-20081128.pdf) isn't really necessary.
> Using plain Salsa20/20 (even with a zero nonce, or by deriving the
> nonce in the same way as the key), might reduce implementation complexity.
Deriving the nonce in the same way as the key (and similarly the IV for
AES CTR mode) is better. This can only help against cryptanalytic attacks,
and is almost free in terms of performance and implementation complexity.
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com
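
An added example, not part of the original message and not Tahoe-LAFS code: one way to derive each cipher's nonce or IV by the same route as its key, assuming an HKDF-SHA256 derivation (RFC 5869) from a single master key. The label strings, the context string, the 32-byte AES key size and the function names are assumptions made for this illustration.

```python
import hashlib
import hmac

HASH_LEN = 32  # SHA-256 output size in bytes

# Hypothetical labels (not from the original message). Each value in the
# cascade gets its own label, so no output is shared between ciphers.
PARAMS = {
    "salsa20_key": 32,    # Salsa20/20 with a 256-bit key
    "salsa20_nonce": 8,   # plain Salsa20 nonce is 64 bits
    "aes_key": 32,        # assumption: AES-256
    "aes_ctr_iv": 16,     # initial counter block, one AES block
}


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-SHA256(salt, input key material)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with HMAC-SHA256."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF-Expand")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_cascade_params(master_key: bytes,
                          context: bytes = b"example-cascade-v1") -> dict:
    """Derive keys AND nonce/IV for both ciphers from one master key."""
    if len(master_key) < 16:
        raise ValueError("master key too short")
    prk = hkdf_extract(context, master_key)
    return {name: hkdf_expand(prk, name.encode("ascii"), size)
            for name, size in PARAMS.items()}


if __name__ == "__main__":
    # Constructed sample master key, for demonstration only.
    for name, value in derive_cascade_params(bytes(range(32))).items():
        print(f"{name:14s} {value.hex()}")
```

The derived key and nonce pair is fixed for a given master key, so this only suits designs where each master key encrypts a single message.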