Questions tagged [chacha]
ChaCha is a family of stream ciphers proposed by Daniel J. Bernstein, as an evolution of Salsa20 with (conjecturally) improved resistance to cryptanalysis.
179
questions
2
votes
1
answer
267
views
Does triple ChaCha20 have 256-bit post-quantum security?
Experts suggested 3DES when AES wasn't developed yet, since meet-in-the-middle attack, they suggested triple DES. Grover's algorithm, a quantum algorithm, weakens symmetric encryptions, how about ...
1
vote
1
answer
330
views
Age: stream cipher with public key cryptography?
I have some rudimentary cryptography knowledge but am by no means an expert.
I generally understand stream ciphers, such as such as ChaCha20-Poly1305, to be symmetric. I am wondering how age (https://...
0
votes
1
answer
157
views
Do multiple keys mitigate Grover algorithm?
Grover, a quantum algorithm, weakens AES and ChaCha20. Is it possible to use multiple symmetric keys to encrypt a message multiple times to achieve 256-bit security for quantum computers?
1
vote
1
answer
502
views
XChaCha20-Poly1305 question about IV's
I've a question about XChaCha20-Poly1305, from a brute force perspective. Suppose we have the power to brute force crack it. If the IV is known to the attacker and it's only one file. The time needed ...
7
votes
2
answers
780
views
Fast cipher without needing hardware support (like ChaCha20) for disk encryption
On my old laptop, ChaCha20 is quite a bit faster than AES as there is no hardware acceleration for AES. But for disk encryption AES based schemes seem to be the only option, as a stream cipher like ...
2
votes
0
answers
343
views
Why is using ChaCha20 for disk encryption insecure?
https://en.wikipedia.org/wiki/Disk_encryption_theory
Why do we use XTS over CTR for disk encryption?
If we used ChaCha20 (without authentication) by simply encrypting each disk sector with the same ...
4
votes
0
answers
160
views
ChaCha-based Sponge PRNG fails PractRand suite
TL;DR: My simple ChaCha-based sponge PRNG is getting "unusual" evaluation from PractRand test battery pretty reliably, sometimes even within the first GB; I'm trying understand why.
I was in ...
1
vote
1
answer
1k
views
XChaCha20-Poly1305 vs Plain ChaCha20-Poly1305 performance
I know that the security of both are the same (only nonce size is different). But which one is faster and better to use, when encrypting a lot of files (500+, from 1MB to 200MB)?
1
vote
1
answer
140
views
Is it possible to extend CMAC for ChaCha
CMAC is defined for AES for authentication. My question is pretty simple: is it possible to extend CMAC for ChaCha? Does it even make sense? I cannot find anything related and I am wondering if I am ...
0
votes
1
answer
140
views
Various attacks on cipher-images & tools, especially stream-cipher?
What kind of attack of image encryption that exist out there, especially if the cipherimage was created using secure stream-cipher like Salsa20 (256 key) or ChaCha20 (256 key)?
From https://cr.yp.to/...
1
vote
1
answer
431
views
Dividing an encrypted file is secure against classical or quantum
I'm very new to cryptography and this may sound so foolish. Often I read quantum computers will brute force keys. Let's assume this is true (does it depend on key length? or on an algorithm? I don't ...
6
votes
1
answer
4k
views
is XChaCha20 stronger than ChaCha20?
Some of the encrypted messenger apps and password managers use extended version of Bernstein's ciphers and some of them not.
Viber-Salsa20
Wire-ChaCha20
Threema-XSalsa20
Sid-Salsa20
Nordpass-XChaCha20
...
1
vote
0
answers
215
views
Is ChaCha20 + HMAC(SHA3) output indistinguishable from randomness?
I was wondering, if the output of following type of ChaCha + HMAC scheme is indistinguishable from randomness:
...
0
votes
1
answer
165
views
ChaCha Single-Use RNG with All Zero Plaintext + Nonce
I am creating an internal application that will be used to generate and manage self-signed certificates and certificate authorities. Its primary use will be for generating certificates used in SSL ...
4
votes
0
answers
153
views
Why Block Ciphers
I fail to understand what block ciphers can do that stream ciphers cannot.
Also aren't they construct able from one another.
prg(stream cipher) -> prf -> prp(block cipher)
Any practical example ...