Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [libsodium]

"The sodium crypto library". A cryptographic multi-language-library with support for many modern cryptographic primitives, that is a fork of the NaCl library. The library focuses on providing easy-to-use cryptographic primitives.

93 questions
70
votes
3 answers

Why Curve25519 for encryption but Ed25519 for signatures?

NaCl and libsodium libraries use Curve25519 for authenticated encryption (actually for sharing a key which is used for encryption) and Ed25519 for signatures. What is the purpose of using different primitives for these operations? Why just not to…
user10651
19
votes
2 answers

Argon2 output length and parameter storage?

I just started using the libsodium port for .net today and the output length parameter kind of confused me (I'm using the argon2i implementation). With my limited exposure to hashing, whatever hash algorithm I've used have always returned a constant…
coding4fun
  • 313
  • 1
  • 3
  • 6
14
votes
2 answers

How safe are Libsodium Crypto Boxes?

I am currently working on a huge PHP project and we are seriously considering to use the Libsodium PHP library in it. My question is related to the "sodium crypto box" functionality. We would use this functionality to implement public key…
abc
  • 331
  • 1
  • 3
  • 8
12
votes
3 answers

What happened to Poly1305AES? Is it obsolete?

I've been told that Poly1305AES is a great choice of MAC for constrained (embedded) environments. I'd checked out DJB's writing on it briefly, and have to say that I found its simplicity likeable, performance convincing & security proofs rigorous…
ulidtko
  • 349
  • 2
  • 11
7
votes
2 answers

libsodium x25519 and Ed25519 small order check

Studying libsodium implementation of x25519 and Ed25519 I saw that it performs an small order check comparing given inputs with a hard coded blacklist of values. Is this list exhaustive or it is a list of currently known invalid points? Source…
user3368561
  • 623
  • 5
  • 13
6
votes
2 answers

What is the difference between a sealed box and a normal box in libsodium?

I'm trying to learn libsodium to better my crypto knowledge. One nagging question I have is what is the difference between libsodium's sealed box and their normal box? Not in terms of technicalities as the docs do distinguish this well; but in terms…
Sukima
  • 161
  • 1
  • 6
5
votes
1 answer

Can libsodium's X25519 encryption construction be generalized?

It is my understanding that libsodium's sealed_box is based on X25519, a Diffie-Hellman function: By combining the X25519 key agreement with a symmetric cipher and having a recipient derive the symmetric key, a message can be constructed that can…
soa
  • 53
  • 3
5
votes
1 answer

Should I use NaCl or libsodium for my application?

While looking for end-to-end encryption for my app users, I stumbled upon NaCl and libsodium. I am unsure from a security perspective which of these implementations I should use for my cross-platform app. Are there big differences in the level of…
user77109
5
votes
1 answer

How to use Libsodium encryption (in PHP) in the most secure possible way?

In a PHP project in which fool-proof encryption is fundamental, I'm using the Libsodium library. Hope you guys can shine some light on the following questions. For all of the following functions, it looks like the length of the encrypted message is…
abc
  • 331
  • 1
  • 3
  • 8
5
votes
1 answer

Nonce reuse resistance

I read this article and I think the approach outlined there is very interesting for one of our use case. We use ChaCha20 Poly1305 (via Sodium crypto_aead_chacha20poly1305_encrypt_detached) to encrypt the data, which is typically 8 kb in size. We use…
Ayende Rahien
  • 199
  • 2
5
votes
1 answer

What is the best practices for storing ed25519 private keys which is used by nodes of my application to communicate with each other?

I am developing some kind of a P2P network where the nodes communicate with each other via TCP and each message is signed by Ed25519 private key. I use libsodium for signing and signature verification. I am currently developing a configuration of…
defuz
  • 153
  • 5
5
votes
1 answer

Security implications of public nonce

I'm planning to use the crypto_box() functions of Nacl (or, alternatively, the crypto_box_easy() functions of libsodium) to encrypt messages as part of a client/server protocol. The server has to deal with multiple clients and each message from a…
dsd
  • 151
  • 2
5
votes
1 answer

Additional Data in AEAD (Chacha20-poly1305 libsodium)

I have recently been playing with Chacha20-Poly1305 in libsodium, and all of the examples state the additional data portion of the tag is stored in plaintext when encrypted. But from what I can tell the AD tag never actually gets put anywhere in the…
TerrorByte
  • 51
  • 3
4
votes
1 answer

Which version of ChaCha is more secure?

Which version of ChaCha is more secure? XChaCha20-Poly1305-IETF ChaCha20-IETF-Poly1305 ChaCha20-Poly1305 I am looking for 256bit strength for large datasets. I am having trouble disambiguating the delta between these ciphers available in…
Woodstock
  • 1,454
  • 1
  • 15
  • 26
4
votes
1 answer

I have this list of LibSodium primitives, which should I pick so that the implementations tend to be interoperable?

When I integrate lib sodium, into a c# project, and try to consume, encryption and decryption in a particular way, it works, but the confusion is about, which method to use while encryption or decryption, as it provides various ways to…
Kaushal B
  • 43
  • 5
1
2 3 4 5 6 7