All Questions
4
questions
0
votes
1
answer
161
views
Can the security of Salsa20/Chacha20 be expanded to 448-bits if I fill the nonce and the Nothing-up-my-sleeve numbers with key material?
As I studied, Salsa20/Chacha20 is basically a hash function that accepts a 64-byte input and returns a output of the same size of input.
128-bits of the input are filled with four "Nothing-up-my-...
- 877
1
vote
1
answer
488
views
Is it okay to reuse a single symmetric key for a large volume of messages and HMACs, so long as "nonces" are randomly generated for both of them?
https://www.reddit.com/r/crypto/comments/fnku50/nonce_reuse_vs_iv_reuse/
Nonce reuse with the same key is catastrophic to security. The same premise holds for
initialization vectors. If the key ...
- 69
2
votes
1
answer
506
views
Related-key attacks against Salsa20 and ChaCha
From the Salsa20 security document, DJB states that he doesn't care about related key attacks:
The standard solutions to all the standard cryptographic problems—encryption, authentication, etc.—are ...
- 15.4k
1
vote
1
answer
311
views
Would using two keys for Salsa20 or ChaCha increase security?
Would using the keys (as in two passes with a key each) increase security for Salsa20 or ChaCha stream ciphers increase security?
- 11