Choose crypto parameters more carefully

[dcposch]

Currently, I'm using OpenPGP.js defaults.

Questions:

What block cipher mode of operation do you use? If the mode of operation requires padding, what padding scheme do you use? Do you authenticate the ciphertext? If so, what MAC function do you use, and how do you derive the MAC key?

[jaekwon]

For my project Gourami I chose NACL for message body encryption, which uses salsa20. I chose this primarily because it's faster (http://www.cryptopp.com/benchmarks.html), and the aim of my project was to also enable filesharing. There is a Javascript emcripten port of NACL, so it's another option.

[dcposch]

Reading about it now. Thanks!

On Fri, Aug 30, 2013 at 1:41 PM, jaekwon notifications@github.com wrote:

For my project Gourami I chose NACL for message body encryption, which uses salsa20. I chose this primarily because it's faster ( http://www.cryptopp.com/benchmarks.html), and the aim of my project was to also enable filesharing. There is a Javascript emcripten port of NACL, so it's another option.

— Reply to this email directly or view it on GitHubhttps://github.com/dcposch/scramble/issues/13#issuecomment-23587915 .

[jaekwon]

http://bitcoinmagazine.com/7781/satoshis-genius-unexpected-ways-in-which-bitcoin-dodged-some-cryptographic-bullet/

BitCoin is using secp256k1. Just noting this, since NaCL also uses elliptic curves.

[ghost]

NaCl is a very good choice. I hope this helps:

js-nacl: https://github.com/tonyg/js-nacl nacl in Go: https://code.google.com/p/go/source/browse/?repo=crypto#hg%2Fnacl%2Fsecretbox

I also recommend the use Ed25519 (next NaCl version will support it). https://godoc.org/github.com/agl/ed25519