0

Let's say I have x bytes of data that need to be encrypted with stream ciphers such as AES256-CTR, ChaCha20, Salsa20, XChaCha20, XSalsa20.

I would like to ask, since these ciphers typically require a MAC to ensure their integrity: will the current Poly1305 that comes along with ChaCha20, XChaCha20, Salsa20, XSalsa20, and the GCM that is bundled with AES256-CTR in the libsodium library, be considered suitable for storing them for a long time?

If the Poly1305 MAC and GCM are not suited to long-term storage, what kind of hashing algorithm along with methods, or MAC algorithm, can I use?

Hern

1 Answer

2

The MAC algorithm would not be the first thing I would worry about. There are many more issues such as key management, destruction of the original files etc. to worry about. Are these algorithms secure? Yes, we think so currently. Will they remain secure? I'd wager that it is likely. As with many algorithms we cannot prove that they are secure.

That said, nobody has ever been fired for using 256-bit keys and HMAC-SHA-256 with the extended output size of 256 bits. Unless they forgot to include the IV/nonce and other relevant data in the calculation, of course.

Software implementations of AES / GMAC can be vulnerable to side-channel attacks, see e.g. here, but that's not of much consequence for data at rest.

Maarten Bodewes
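The caveat in the answer about including the IV/nonce and other relevant data in the HMAC calculation, as an added example that is not part of the original answer. The function names, the header string and the length-prefixed field layout are assumptions made for illustration, and the ciphertext is a constructed placeholder standing in for the output of whichever stream cipher is used.

```python
import hashlib
import hmac
import struct


def _frame(*fields: bytes) -> bytes:
    # Length-prefix every field so (b"ab", b"c") and (b"a", b"bc") MAC differently.
    return b"".join(struct.pack(">Q", len(f)) + f for f in fields)


def seal_tag(mac_key: bytes, header: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """HMAC-SHA-256 (full 256-bit output) over header, nonce and ciphertext."""
    return hmac.new(mac_key, _frame(header, nonce, ciphertext), hashlib.sha256).digest()


def verify(mac_key: bytes, header: bytes, nonce: bytes, ciphertext: bytes, tag: bytes) -> bool:
    # Check the tag before decrypting anything; compare in constant time.
    return hmac.compare_digest(seal_tag(mac_key, header, nonce, ciphertext), tag)


def weak_tag(mac_key: bytes, ciphertext: bytes) -> bytes:
    """The mistake the answer warns about: only the ciphertext is authenticated."""
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def demo() -> dict:
    # Constructed sample values (not real keys or data).
    mac_key = bytes(range(32))              # 256-bit MAC key, separate from the cipher key
    header = b"v1|AES256-CTR|file-0001"     # hypothetical "other relevant data"
    nonce = bytes(16)
    ciphertext = bytes.fromhex("8f3a1c55e0b2749d")

    tag = seal_tag(mac_key, header, nonce, ciphertext)
    weak = weak_tag(mac_key, ciphertext)
    flipped_nonce = bytes([nonce[0] ^ 1]) + nonce[1:]
    other_header = b"v1|ChaCha20|file-0001"

    return {
        "intact": verify(mac_key, header, nonce, ciphertext, tag),
        "nonce_tamper_detected": not verify(mac_key, header, flipped_nonce, ciphertext, tag),
        "header_tamper_detected": not verify(mac_key, other_header, nonce, ciphertext, tag),
        # The weak tag never saw the nonce, so it still verifies after the nonce changes.
        "weak_misses_nonce_tamper": hmac.compare_digest(weak_tag(mac_key, ciphertext), weak),
    }


if __name__ == "__main__":
    print(demo())
```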