Add CryptoRng marker trait to ChaChaXCore#944
Conversation
|
|
|
Yes, I k ow that. You cannot use that struct with ReseedingRng though. If
you want to make a reseeding chacha rng you cannot make one that implements
CryptoRng today. You could do this in Rand 0.6.
…On Sat, Mar 7, 2020, 1:15 PM bjorn3 ***@***.***> wrote:
$ChaChaXRng does implement CryptoRng.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#944?email_source=notifications&email_token=AAEPMN2SO7FC35XO32O4CI3RGKTN5A5CNFSM4LDSAKG2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEOEENSQ#issuecomment-596133578>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAEPMN6YGLKFI56EZNQTHSDRGKTN5ANCNFSM4LDSAKGQ>
.
|
|
I think it would make sense to implement this only for the 12-round+ versions (i.e. not ChaCha8Rng / Core). @newpavlov do you agree? |
|
#932 points out that even chacha8
is secure, but it doesn't matter to me. If chacha8rng has it, the core
should as well. Maybe removing those in 0.8?
Seems like with reseeding, based on that paper, chacha8 would be
satisfactory?
…On Sun, Mar 8, 2020, 8:05 AM Diggory Hardy ***@***.***> wrote:
I think it would make sense to implement this only for the 12-round+
versions (i.e. not ChaCha8Rng / Core). @newpavlov
<https://github.com/newpavlov> do you agree?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#944?email_source=notifications&email_token=AAEPMN647EL7CP6O3ME6YDTRGOQZBA5CNFSM4LDSAKG2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEOEW4OI#issuecomment-596209209>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAEPMNYIQ64Z3NZMDFVIABLRGOQZBANCNFSM4LDSAKGQ>
.
|
|
As far as I know, ChaCha8 is secure (i.e. unbroken today). That is not the same as being recommended for use in cryptography: it has only a low margin of security. @tarcieri may like to comment, but IMO we shouldn't recommend ChaCha8 for cryptography, which is roughly what |
|
The "Too Much Crypto" paper recommended it, but it is debatable. (FWIW, the paper's author also co-authored the paper with the best known attack on ChaCha*) The best known attack reduces ChaCha7 from 256-bits symmetric security to ~247-bits. There are no known attacks against ChaCha8. Personally I think it's ok to consider it a |
dhardy
left a comment
dhardy
left a comment
There was a problem hiding this comment.
Fair enough. In that case, I approve this PR.
Add CryptoRng marker trait to ChaChaXCore
4 participants
Fixes #943.