View Issue Details

IDProjectCategoryView StatusLast Update
0005886GNUnetcadet servicepublic2019-09-09 18:17
ReporterbuttflyAssigned To 
Status newResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0005886: Use more secure algorithms in CADET
DescriptionUpon reading I found:

- CADET provides confidentiality with so-called perfect forward secrecy; we use ECDHE powered by Curve25519 for the key exchange and then use symmetric encryption, encrypting with both AES-256 and Twofish
- authentication is achieved by signing the ephemeral keys using Ed25519, a deterministic variant of ECDSA
- integrity protection (using SHA-512 to do encrypt-then-MAC, although only 256 bits are sent to reduce overhead)

My questions are:

1) Would it not be more ideal to use Salsa20 or XSalsa20 instead of AES-256 and Twofish?
2) Should not we use BLAKE2? Its digest sizes are 224, 256, 384, and 512 bits. There would be no need to truncate, AND it is much faster than SHA-512. See for benchmarks and more information.
TagsNo tags attached.


There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-09-09 18:10 buttfly New Issue