Add CryptoRng marker trait to ChaChaXCore #944
Yes, I know that. You cannot use that struct with ReseedingRng though. If you want to make a reseeding ChaCha RNG, you cannot make one that implements CryptoRng today. You could do this in Rand 0.6.
…On Sat, Mar 7, 2020, 1:15 PM bjorn3 wrote:
ChaChaXRng does implement CryptoRng.
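An added, stand-alone Rust model of the trait plumbing this thread is about. It is not code from rand or rand_chacha: `CryptoRng`, `BlockRngCore`, `Reseeder`, `ReseedingRng`, `ToyCore`, `FixedReseeder` and `run` are simplified stand-ins written for this illustration, and the toy core is a constructed mixer, not ChaCha. It shows why the marker has to live on the core type: the blanket `impl CryptoRng for ReseedingRng<R, Rsdr>` only applies when `R: CryptoRng`, so a reseeding wrapper around a core without the marker can never be `CryptoRng`, whatever the non-reseeding full RNG type implements.

```rust
/// Marker trait: "this generator is intended for cryptographic use". No methods.
pub trait CryptoRng {}

/// Minimal block-generator interface (simplified stand-in for rand_core's BlockRngCore).
pub trait BlockRngCore {
    fn generate(&mut self, results: &mut [u32; 4]);
    fn reseed(&mut self, seed: [u8; 16]);
}

/// Minimal entropy-source interface used to reseed the core.
pub trait Reseeder {
    fn fill_bytes(&mut self, dest: &mut [u8]);
}

/// Wrapper that reseeds `core` from `reseeder` after every `threshold` blocks.
pub struct ReseedingRng<R, Rsdr> {
    core: R,
    reseeder: Rsdr,
    threshold: u32,
    blocks_since_reseed: u32,
    pub reseed_count: u32,
}

impl<R: BlockRngCore, Rsdr: Reseeder> ReseedingRng<R, Rsdr> {
    pub fn new(mut core: R, mut reseeder: Rsdr, threshold: u32) -> Self {
        let mut seed = [0u8; 16];
        reseeder.fill_bytes(&mut seed);
        core.reseed(seed);
        ReseedingRng { core, reseeder, threshold, blocks_since_reseed: 0, reseed_count: 1 }
    }

    pub fn next_block(&mut self) -> [u32; 4] {
        if self.blocks_since_reseed >= self.threshold {
            let mut seed = [0u8; 16];
            self.reseeder.fill_bytes(&mut seed);
            self.core.reseed(seed);
            self.blocks_since_reseed = 0;
            self.reseed_count += 1;
        }
        let mut out = [0u32; 4];
        self.core.generate(&mut out);
        self.blocks_since_reseed += 1;
        out
    }
}

/// The point of the PR: the wrapper is CryptoRng only when BOTH the core and the
/// reseeder carry the marker. A CryptoRng impl on the full RNG type does not help here.
impl<R: BlockRngCore + CryptoRng, Rsdr: Reseeder + CryptoRng> CryptoRng for ReseedingRng<R, Rsdr> {}

/// Constructed toy core: a counter mixed into a 4-word key with xorshift steps.
/// It is NOT a cipher and NOT ChaCha; it only gives the wrapper something to drive.
pub struct ToyCore { pub key: [u32; 4], pub counter: u32 }

impl BlockRngCore for ToyCore {
    fn generate(&mut self, results: &mut [u32; 4]) {
        for (i, r) in results.iter_mut().enumerate() {
            let mut x = self.key[i] ^ self.counter.wrapping_mul(0x9E37_79B9);
            x ^= x << 13; x ^= x >> 17; x ^= x << 5;
            *r = x;
        }
        self.counter = self.counter.wrapping_add(1);
    }
    fn reseed(&mut self, seed: [u8; 16]) {
        for i in 0..4 {
            self.key[i] = u32::from_le_bytes([seed[4 * i], seed[4 * i + 1], seed[4 * i + 2], seed[4 * i + 3]]);
        }
        self.counter = 0;
    }
}
/// This line is what #944 adds for the real ChaChaXCore types; here it marks the toy core.
impl CryptoRng for ToyCore {}

/// Constructed stand-in for an OS entropy source: a deterministic incrementing byte
/// pattern so the example is reproducible offline (a real reseeder would be OsRng).
pub struct FixedReseeder { pub next: u8 }
impl Reseeder for FixedReseeder {
    fn fill_bytes(&mut self, dest: &mut [u8]) {
        for b in dest.iter_mut() { *b = self.next; self.next = self.next.wrapping_add(1); }
    }
}
impl CryptoRng for FixedReseeder {}

/// Compile-time check: this only compiles if `T: CryptoRng`.
pub fn require_crypto<T: CryptoRng>(_rng: &T) {}

/// Builds the reseeding generator, pulls `blocks` (>= 1) blocks and returns
/// (number of reseeds so far, first block, last block).
pub fn run(threshold: u32, blocks: u32) -> (u32, [u32; 4], [u32; 4]) {
    let core = ToyCore { key: [0; 4], counter: 0 };
    let mut rng = ReseedingRng::new(core, FixedReseeder { next: 1 }, threshold);
    // Remove `impl CryptoRng for ToyCore` above and this call no longer compiles.
    require_crypto(&rng);
    let first = rng.next_block();
    let mut last = first;
    for _ in 1..blocks { last = rng.next_block(); }
    (rng.reseed_count, first, last)
}

fn main() {
    let (reseeds, first, last) = run(4, 10);
    println!("reseeds={} first={:08x?} last={:08x?}", reseeds, first, last);
}
```

With a threshold of 4 blocks, pulling 10 blocks reseeds at the start of blocks 5 and 9, so the wrapper reports three seedings including the initial one; the output after a reseed differs from the first block because both the key and the counter have changed.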
I think it would make sense to implement this only for the 12-round+ versions (i.e. not ChaCha8Rng / Core). @newpavlov do you agree?
#932 points out that even ChaCha8 is secure, but it doesn't matter to me. If ChaCha8Rng has it, the core should as well. Maybe remove those in 0.8?
Seems like with reseeding, based on that paper, ChaCha8 would be satisfactory?
…On Sun, Mar 8, 2020, 8:05 AM Diggory Hardy wrote:
I think it would make sense to implement this only for the 12-round+ versions (i.e. not ChaCha8Rng / Core). @newpavlov <https://github.com/newpavlov> do you agree?
As far as I know, ChaCha8 is secure (i.e. unbroken today). That is not the same as being recommended for use in cryptography: it has only a low margin of security. @tarcieri may like to comment, but IMO we shouldn't recommend ChaCha8 for cryptography, which is roughly what
The "Too Much Crypto" paper recommended it, but it is debatable. (FWIW, the paper's author also co-authored the paper with the best known attack on ChaCha*.) The best known attack reduces ChaCha7 from 256-bit symmetric security to ~247 bits. There are no known attacks against ChaCha8. Personally I think it's ok to consider it a
Fair enough. In that case, I approve this PR.
Add CryptoRng marker trait to ChaChaXCore
Fixes #943.