laysakura
commented
3 years ago We should not XSalsa20 from the beginning.
https://docs.rs/xsalsa20poly1305/0.7.1/xsalsa20poly1305/
This algorithm has largely been replaced by the newer ChaCha20Poly1305 (and the associated XChaCha20Poly1305) AEAD ciphers (RFC 8439), but is useful for interoperability with legacy NaCl-based protocols.
No security audits of this crate have ever been performed, and it has not been thoroughly assessed to ensure its operation is constant-time on common CPU architectures.
https://docs.rs/chacha20poly1305/0.8.0/chacha20poly1305/
This crate has received one security audit by NCC Group, with no significant findings. We would like to thank MobileCoin for funding the audit.
https://docs.rs/crypto_box/0.6.0/crypto_box/#choosing-chachabox-vs-salasabox