[tahoe-dev] Using a cipher cascade

David-Sarah Hopwood david-sarah at jacaranda.org
Tue Jan 5 05:54:34 UTC 2010

David-Sarah Hopwood wrote:
> Note that with this approach, the extended nonce in XSalsa
> (http://cr.yp.to/snuffle/xsalsa-20081128.pdf) isn't really necessary.
> Using plain Salsa20/20 (even with a zero nonce, or by deriving the
> nonce in the same way as the key) might reduce implementation complexity.

Deriving the nonce in the same way as the key (and similarly the IV for
AES CTR mode) is better. This can only help against cryptanalytic attacks,
and is almost free in terms of performance and implementation complexity.

David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com
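
The derivation recommended above, as an added example that is not part of the original post or of Tahoe-LAFS code: each cascade layer gets its key and its nonce/IV from the same master key through one KDF, separated only by a label. The KDF (HKDF-Expand over HMAC-SHA256), the label strings, the 256-bit AES key size and the function names are all assumptions; the post does not specify them.

```python
import hashlib
import hmac

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with HMAC-SHA256; prk must already be uniform."""
    if length > 255 * hashlib.sha256().digest_size:
        raise ValueError("requested output too long")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

# Assumed layer parameters (bytes). Salsa20/20 takes a 64-bit nonce; AES-CTR
# takes a 128-bit initial counter block, called the IV in the post.
LAYERS = {
    "salsa20": {"key": 32, "nonce": 8},
    "aes-ctr": {"key": 32, "iv": 16},
}

def derive_cascade_params(master_key: bytes, context: bytes = b"") -> dict:
    """Derive key and nonce/IV for every layer "in the same way":
    same KDF, same master key, only the label differs."""
    if len(master_key) != 32:
        raise ValueError("master key must be 32 uniformly random bytes")
    params = {}
    for cipher, sizes in LAYERS.items():
        params[cipher] = {}
        for purpose, size in sizes.items():
            # Labels contain no NUL byte, so label || 0x00 || context is unambiguous.
            info = f"cascade/{cipher}/{purpose}".encode() + b"\x00" + context
            params[cipher][purpose] = hkdf_expand(master_key, info, size)
    return params

if __name__ == "__main__":
    demo_key = bytes(range(32))  # constructed sample value, not a real key
    for cipher, values in derive_cascade_params(demo_key, b"demo").items():
        for purpose, value in values.items():
            print(f"{cipher:8} {purpose:5} {value.hex()}")
```

Because the nonce and IV are a deterministic function of the master key, each master key (and context) must still encrypt only one message, exactly as with a zero nonce.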
