jedisct1 / libsodium

A modern, portable, easy to use crypto library.
https://libsodium.org

How safe are sodium crypto boxes? #627

Closed v1n11 closed 6 years ago

v1n11 commented 6 years ago

Hi All,

This is not an "issue" but a question about Libsodium. I am sorry if this is not the right place, but I did not find a discussion board or anything, and the answer to my question might be interesting for others.

I am currently working on a huge PHP project and we are seriously considering using the Libsodium PHP library in it. My question is related to the "sodium crypto box" functionality. We would use this functionality to implement Public key authenticated encryption. We would generate keypairs using the "sodium crypto box keypair" function, nonces using the "sodium crypto box noncebytes" function, and seal/open the crypto boxes through the "sodium crypto box" and "sodium crypto box open" functions ...

My question is basically "how safe is this"?

Public keys will be public (duh...), so our concern is that someone might be able to generate a correctly sealed box by "cracking" somehow the secret key of the sender, or to open a sealed box by cracking the SK of the receiver ... These keys are 64-digit hexadecimal strings ... Is my assumption correct that this means that there are 16^64 possible combinations (115,792,089,237,316,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000)?

If yes, this would mean that brute forcing all possible combinations at a rate of 1 million tries per second would take 3,671,743,063,080,800,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 years? Correct? Or are there more "efficient" attacks?

Another thing: on the official Libsodium website I found the following algorithm details with respect to the functions we want to use:

- Key exchange: X25519
- Encryption: XSalsa20 stream cipher
- Authentication: Poly1305 MAC

Can someone try to explain to me what this means? Is the following interpretation correct:

- Key exchange: X25519 -> this is the keypair generation algorithm???
- Encryption: XSalsa20 stream cipher -> this is the encryption algorithm???
- Authentication: Poly1305 MAC -> this is the nonce generation algorithm???

Thanks to all, Cheers, Vincent.
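The workflow described in the question (generate keypairs, pick a nonce, seal a box, open it on the other side), as an added example written for this page, not code from the libsodium project or from the issue author. It uses the real ext-sodium functions; the names Alice and Bob, the sample message and the check() helper are constructed for the demonstration. One detail it makes concrete: SODIUM_CRYPTO_BOX_NONCEBYTES is a length constant, and the nonce bytes themselves come from random_bytes(). It also shows the failure mode a practitioner should expect, namely that a tampered box makes sodium_crypto_box_open() return false rather than decrypt to garbage.

```php
<?php
// Added example (not from the issue thread): public-key authenticated
// encryption with sodium_crypto_box() in PHP 7.2+ with ext-sodium.
// Keys, nonce and message below are all constructed for this demo.
declare(strict_types=1);

function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("check failed: $what");
    }
}

// 1. Each party generates a keypair once. The 32-byte secret half never
//    leaves its owner; only the public half (32 bytes = 64 hex digits)
//    is shared with the other side.
$aliceKeypair = sodium_crypto_box_keypair();
$bobKeypair   = sodium_crypto_box_keypair();
$alicePk      = sodium_crypto_box_publickey($aliceKeypair);
$bobPk        = sodium_crypto_box_publickey($bobKeypair);
check(strlen(sodium_bin2hex($bobPk)) === 64, 'public key is 64 hex digits');

// 2. Sender side (Alice): a fresh random 24-byte nonce for every message.
//    SODIUM_CRYPTO_BOX_NONCEBYTES is only the length (24); the randomness
//    comes from random_bytes(). Never reuse a nonce with the same key pair.
$nonce = random_bytes(SODIUM_CRYPTO_BOX_NONCEBYTES);

// The "box keypair" pairs the sender's secret key with the recipient's
// public key; this is where the X25519 key exchange happens internally.
$aliceToBob = sodium_crypto_box_keypair_from_secretkey_and_publickey(
    sodium_crypto_box_secretkey($aliceKeypair),
    $bobPk
);

$message    = 'invoice #42: pay 100 EUR';          // constructed plaintext
$ciphertext = sodium_crypto_box($message, $nonce, $aliceToBob);

// Output is the XSalsa20-encrypted message plus a 16-byte Poly1305 tag
// (SODIUM_CRYPTO_BOX_MACBYTES) that authenticates it.
check(
    strlen($ciphertext) === strlen($message) + SODIUM_CRYPTO_BOX_MACBYTES,
    'ciphertext = plaintext length + MAC'
);

// 3. Recipient side (Bob): his own secret key plus Alice's public key.
//    Only this combination opens the box; it also proves Alice sealed it.
$bobFromAlice = sodium_crypto_box_keypair_from_secretkey_and_publickey(
    sodium_crypto_box_secretkey($bobKeypair),
    $alicePk
);
$plaintext = sodium_crypto_box_open($ciphertext, $nonce, $bobFromAlice);
check($plaintext === $message, 'round trip decrypts to the original');

// 4. Failure mode: flipping a single bit of the ciphertext (or using the
//    wrong nonce, or a box sealed by someone else) fails the Poly1305
//    check, and sodium_crypto_box_open() returns false. Always test for
//    false with === before using the result.
$tampered    = $ciphertext;
$tampered[0] = chr(ord($tampered[0]) ^ 0x01);
check(
    sodium_crypto_box_open($tampered, $nonce, $bobFromAlice) === false,
    'tampered box is rejected'
);

// 5. Wipe secret material once it is no longer needed.
sodium_memzero($aliceToBob);
sodium_memzero($bobFromAlice);
sodium_memzero($aliceKeypair);
sodium_memzero($bobKeypair);

echo "crypto_box round trip and tamper check passed\n";
```

Run it with `php box_demo.php`. The script exits with an exception at the first failed check, so a silent run with the final line printed means the seal, open and tamper-rejection paths all behaved as described.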

jedisct1 commented 6 years ago

Hi Vincent,

There are attacks more efficient than brute-force, so that the security level is considered ~ 2^127. Algorithms to solve the problem it relies on (ECDLP) in polynomial time don't exist. Computers able to solve this problem don't exist either. See the reference paper on curve25519 on the conjectured security level for that specific curve.

The whole point of libsodium and libhydrogen is that you don't have to bother about what the underlying primitives are and how they work, so that using these in an insecure way is less likely to happen.

Anyway:

Since you are using PHP, you may want to consider Halite, which is a higher-level API for libsodium.