View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005886 | GNUnet | cadet service | public | 2019-09-09 18:10 | 2019-09-09 18:17 |

Target Version:
Fixed in Version:
Summary: 0005886: Use more secure algorithms in CADET
Description: Upon reading https://docs.gnunet.org/handbook/gnunet.html#CADET-Subsystem I found:
- CADET provides confidentiality with so-called perfect forward secrecy; we use ECDHE powered by Curve25519 for the key exchange and then use symmetric encryption, encrypting with both AES-256 and Twofish
- authentication is achieved by signing the ephemeral keys using Ed25519, a deterministic variant of ECDSA
- integrity protection (using SHA-512 to do encrypt-then-MAC, although only 256 bits are sent to reduce overhead)
My questions are:
1) Would it not be more ideal to use Salsa20 or XSalsa20 instead of AES-256 and Twofish?
2) Should we not use BLAKE2? Its digest sizes are 224, 256, 384, and 512 bits. There would be no need to truncate, AND it is much faster than SHA-512. See https://blake2.net/ for benchmarks and more information.
Tags: No tags attached.
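The following is an added example, not GNUnet or CADET code, illustrating the two integrity options the report contrasts: the handbook's encrypt-then-MAC tag derived from SHA-512 and truncated to 256 bits, beside BLAKE2b in keyed mode with a native 32-byte output. HMAC-SHA512 is an assumption standing in for "using SHA-512 to do encrypt-then-MAC" (the page does not show CADET's exact construction), and the key and ciphertext bytes are constructed sample data; only Python's standard `hashlib` and `hmac` modules are used.

```python
import hashlib
import hmac

# Tag length on the wire: the handbook excerpt says only 256 bits of the
# SHA-512-based MAC are sent to reduce overhead.
TAG_LEN = 32


def tag_sha512_truncated(mac_key: bytes, ciphertext: bytes) -> bytes:
    """Encrypt-then-MAC tag over the ciphertext, truncated to 256 bits.

    HMAC-SHA512 is an assumption standing in for "using SHA-512 to do
    encrypt-then-MAC"; the page does not show CADET's exact construction.
    """
    full = hmac.new(mac_key, ciphertext, hashlib.sha512).digest()  # 64 bytes
    return full[:TAG_LEN]


def tag_blake2b_256(mac_key: bytes, ciphertext: bytes) -> bytes:
    """Same role using BLAKE2b keyed mode with a native 32-byte output.

    BLAKE2 takes the key and the output length as parameters, so no
    truncation step is needed to obtain a 256-bit tag.
    """
    return hashlib.blake2b(ciphertext, key=mac_key, digest_size=TAG_LEN).digest()


def verify(tag_fn, mac_key: bytes, ciphertext: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time before the ciphertext is decrypted."""
    if len(tag) != TAG_LEN:
        return False
    expected = tag_fn(mac_key, ciphertext)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Run both tag schemes over constructed sample data and return the outcomes."""
    mac_key = bytes(range(32))                 # constructed 256-bit MAC key
    ciphertext = bytes(range(0x80, 0x100))     # constructed opaque ciphertext (128 bytes)
    tampered = bytearray(ciphertext)
    tampered[0] ^= 0x01                        # flip one bit of the ciphertext
    tampered = bytes(tampered)

    results = {}
    for name, fn in (("sha512_truncated", tag_sha512_truncated),
                     ("blake2b_256", tag_blake2b_256)):
        tag = fn(mac_key, ciphertext)
        results[name] = {
            "tag_len": len(tag),
            "genuine_ok": verify(fn, mac_key, ciphertext, tag),
            "tampered_ok": verify(fn, mac_key, tampered, tag),
        }
    # The untruncated SHA-512 HMAC is 64 bytes; the wire tag keeps the first 32.
    results["sha512_full_len"] = len(hmac.new(mac_key, ciphertext, hashlib.sha512).digest())
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Both schemes produce a 32-byte tag and reject a one-bit change in the ciphertext; the difference the report points to is that the SHA-512 path computes 64 bytes and discards half, while BLAKE2b is parameterized to emit exactly the length sent. The verifier compares tags with `hmac.compare_digest` and checks the tag before any decryption, which is the property encrypt-then-MAC is meant to give.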