LaVOZs

The World’s Largest Online Community for Developers

'; pynacl - Can libsodium's secret box be configured to use a cipher other than Salsa20? - LavOzs.Com

I understand this question may seem better-suited for Crypto.SE or Security.SE; I'm asking it here because I'm specifically asking for help with the API rather than asking for technical or historic background.

I'm currently looking at integrating libsodium into one of my projects via PyNaCl. Having scanned the docs for both these projects (admittedly not super thoroughly), it doesn't look to me like there's a way to use an a cipher other than Salsa20, the default.

This doesn't pose an immediate problem for me since Salsa20 seems to be both reasonably secure as well as being performant, but in the future, I may want to use a different algorithm. Is this kind of toggle provided by either library (and ideally at the PyNaCl level)?

The box operation just performs a scalar multiplication in order to get the shared secret, and then performs authenticated encryption using that secret.

The former is done with the scalarmult API, that you can call manually to get the same key as the one box would compute.

The later is the secretstream API, that you can also call manually using the shared key from the previous step.

Libsodium has a slightly better key exchange API: kx (crypto_kx) that you can use for the first step.

And for the symmetric operation, it also provides alternatives to XSalsa20 (-Poly1305), in particular in the AEAD APIs: XChaCha20 (-Poly1305), AES-256 (-GCM) and AEGIS-256.

But, really, there is nothing wrong with XSalsa20. It has a comfortable security margin, and its large nonce size is very convenient.

Related
Including Paragonie Halite in project doesn't find variables and functions
How can I create or open a libsodium compatible sealed box in pure Java