Interest in a new crypto backend?

[jaromil]

Hi there, awesome software thanks! discovered while traveling in .cn eheh. Handy.

Since I see this minimal C implementation I am curious if you are interested in a crypto-backend that is even smaller than libsodium and offers a lot more flexibility to design crypto schemes, I'm talking about https://Zenroom.dyne.org I'm the author and would be interested in making it useful also for shadowsocks if you can offer a bit of hand-holding on what needs to be wired up. But ok if you are happy with what you have is fine. Zenroom has also AEAD AES-GCM implemented and no external dependency (for crypto I use apache-milagro). Ciao!

[wongsyrone]

There are two directions on how to develop the software: one for strong encryption, the other one is hiding data in a harmless tunnel. Strong encryption is a method to achieve the goal, not the goal itself.

[jaromil]

Very clear, thanks. I am aware of the problem and currently analysing it more in detail. My assumption is that adopting elliptic curve (EC) based cryptography it will become easier to use steganography techniques. Also EC offers a growing choice of curves which may be hard to fingerprint. In Zenroom we have ed25519, goldilocks and secp256k1 interchangable with BLS383 and other pairing capable curves, plus a scripting framework which may facilitate ad-hoc hiding techniques.

Assuming it may be interesting to experiment with zenroom in place of libsodium, can you or someone else point out the API endpoints for initialisation, stream feeding and teardown?

[madeye]

Maybe open a discussion here instead: https://github.com/shadowsocks/shadowsocks-org/issues

Generally, we don't have any plan to involve any new crypto backend, to minimize our dependency issues.

[jaromil]

ACK. I also love minimizing deps and zenroom compiles fully static and unikernel as well, so this would lower your deps to a smaller codebase.

Moved to https://github.com/shadowsocks/shadowsocks-org/issues/135 thanks!