Which version of ChaCha is more secure?Where are the ChaCha20 test vectors/examples?chacha20-poly1305 padding and length encodingCollision or second preimage for the ChaCha core?Symmetric encryption algorithms with large IVs and authentication?Nonce reuse resistanceWhere is HChaCha20 formally defined?Is XChaCha20-Poly1305 nonce misuse-resistant?Is streaming API to ChaCha20-Poly1305 possible or recommended against?Reason for 3 rounds ChaCha in ChaCha20Poly1305@opensshLargest message size for XChaCha20-Poly1305

Is BitLocker useful in the case of stolen laptop?

C++ - using const reference to prolong a member of a temporary, ok or UB?

A medieval fantasy adventurer lights a torch in a 100% pure oxygen room. What happens?

What does "synoptic" mean in avionics?

How can a resurrection system prevent the cheapening of death?

Georgian capital letter “Ⴒ” (“tar”) in pdfLaTeX

Were Roman public roads build by private companies?

Are programming languages necessary/useful for operations research practitioner?

Which version of ChaCha is more secure?

How seriously should I take a CBP interview where I was told I have a red flag and could only stay for 30 days?

Can a magnet rip protons from a nucleus?

Are there take-over requests from autopilots?

Is it appropriate for a professor to require students to sign a non-disclosure agreement before being taught?

Writing a worded mathematical expression

What's the biggest organic molecule that could have a smell?

Are scroll bars dead in 2019?

How to predict the decomposition products of for example barium carbonate?

Are there any instances of members of different Hogwarts houses coupling up and marrying each other?

How do you build a Dominant 7th chord?

Which ping implementation is Cygwin using?

Dividing Divisive Divisors

Sol Ⅲ = Earth: What is the origin of this planetary naming scheme?

„nichts wie raus hier“ - explanation based on the literal meaning?

Did Picard get in trouble when he was in command of the Stargazer and lost his ship?



Which version of ChaCha is more secure?


Where are the ChaCha20 test vectors/examples?chacha20-poly1305 padding and length encodingCollision or second preimage for the ChaCha core?Symmetric encryption algorithms with large IVs and authentication?Nonce reuse resistanceWhere is HChaCha20 formally defined?Is XChaCha20-Poly1305 nonce misuse-resistant?Is streaming API to ChaCha20-Poly1305 possible or recommended against?Reason for 3 rounds ChaCha in ChaCha20Poly1305@opensshLargest message size for XChaCha20-Poly1305






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








1












$begingroup$


Which version of ChaCha is more secure?



XChaCha20-Poly1305-IETF

ChaCha20-IETF-Poly1305

ChaCha20-Poly1305


I am looking for 256bit strength for large datasets.



I am having trouble disambiguating the delta between these ciphers available in libSodium.










share|improve this question









$endgroup$




















    1












    $begingroup$


    Which version of ChaCha is more secure?



    XChaCha20-Poly1305-IETF

    ChaCha20-IETF-Poly1305

    ChaCha20-Poly1305


    I am looking for 256bit strength for large datasets.



    I am having trouble disambiguating the delta between these ciphers available in libSodium.










    share|improve this question









    $endgroup$
















      1












      1








      1


      1



      $begingroup$


      Which version of ChaCha is more secure?



      XChaCha20-Poly1305-IETF

      ChaCha20-IETF-Poly1305

      ChaCha20-Poly1305


      I am looking for 256bit strength for large datasets.



      I am having trouble disambiguating the delta between these ciphers available in libSodium.










      share|improve this question









      $endgroup$




      Which version of ChaCha is more secure?



      XChaCha20-Poly1305-IETF

      ChaCha20-IETF-Poly1305

      ChaCha20-Poly1305


      I am looking for 256bit strength for large datasets.



      I am having trouble disambiguating the delta between these ciphers available in libSodium.







      chacha libsodium






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked 8 hours ago









      WoodstockWoodstock

      26110 bronze badges




      26110 bronze badges























          1 Answer
          1






          active

          oldest

          votes


















          4














          $begingroup$

          The only difference between these is the nonce size (and, consequently, the internal counter size). The core function is exactly the same. They all offer the exact same security level if they are used as expected.



          The trade-offs are described in the AEAD section of the documentation.



          XChaCha20-Poly1305-IETF is the one that has the largest nonce size. This significantly reduces the risk of reuse, since it can be randomly chosen without any practical risk of collision. This can also be leveraged to build nonce misuse-resistant schemes.



          Unless you specifically need compatibility with a different implementation that doesn't support the XChaCha20 version, this is the one you want to use in virtually all cases.



          XChaCha20-Poly1305-IETF is very likely to become the function used by the high-level API in a future libsodium release. Which means that other variants will not be available any longer in minimal builds.



          Since your use case appears to be encrypting large messages, the higher-level secretstream API is a better fit. It uses XChaCha20-Poly1305-IETF internally.






          share|improve this answer











          $endgroup$














          • $begingroup$
            Thanks @Frank Denis
            $endgroup$
            – Woodstock
            7 hours ago










          • $begingroup$
            we consider the IV reuse as a security risk. If they have different IV lengths how will they have the same security levels?
            $endgroup$
            – kelalaka
            1 hour ago













          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "281"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          noCode: true, onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );














          draft saved

          draft discarded
















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f73220%2fwhich-version-of-chacha-is-more-secure%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          4














          $begingroup$

          The only difference between these is the nonce size (and, consequently, the internal counter size). The core function is exactly the same. They all offer the exact same security level if they are used as expected.



          The trade-offs are described in the AEAD section of the documentation.



          XChaCha20-Poly1305-IETF is the one that has the largest nonce size. This significantly reduces the risk of reuse, since it can be randomly chosen without any practical risk of collision. This can also be leveraged to build nonce misuse-resistant schemes.



          Unless you specifically need compatibility with a different implementation that doesn't support the XChaCha20 version, this is the one you want to use in virtually all cases.



          XChaCha20-Poly1305-IETF is very likely to become the function used by the high-level API in a future libsodium release. Which means that other variants will not be available any longer in minimal builds.



          Since your use case appears to be encrypting large messages, the higher-level secretstream API is a better fit. It uses XChaCha20-Poly1305-IETF internally.






          share|improve this answer











          $endgroup$














          • $begingroup$
            Thanks @Frank Denis
            $endgroup$
            – Woodstock
            7 hours ago










          • $begingroup$
            we consider the IV reuse as a security risk. If they have different IV lengths how will they have the same security levels?
            $endgroup$
            – kelalaka
            1 hour ago















          4














          $begingroup$

          The only difference between these is the nonce size (and, consequently, the internal counter size). The core function is exactly the same. They all offer the exact same security level if they are used as expected.



          The trade-offs are described in the AEAD section of the documentation.



          XChaCha20-Poly1305-IETF is the one that has the largest nonce size. This significantly reduces the risk of reuse, since it can be randomly chosen without any practical risk of collision. This can also be leveraged to build nonce misuse-resistant schemes.



          Unless you specifically need compatibility with a different implementation that doesn't support the XChaCha20 version, this is the one you want to use in virtually all cases.



          XChaCha20-Poly1305-IETF is very likely to become the function used by the high-level API in a future libsodium release. Which means that other variants will not be available any longer in minimal builds.



          Since your use case appears to be encrypting large messages, the higher-level secretstream API is a better fit. It uses XChaCha20-Poly1305-IETF internally.






          share|improve this answer











          $endgroup$














          • $begingroup$
            Thanks @Frank Denis
            $endgroup$
            – Woodstock
            7 hours ago










          • $begingroup$
            we consider the IV reuse as a security risk. If they have different IV lengths how will they have the same security levels?
            $endgroup$
            – kelalaka
            1 hour ago













          4














          4










          4







          $begingroup$

          The only difference between these is the nonce size (and, consequently, the internal counter size). The core function is exactly the same. They all offer the exact same security level if they are used as expected.



          The trade-offs are described in the AEAD section of the documentation.



          XChaCha20-Poly1305-IETF is the one that has the largest nonce size. This significantly reduces the risk of reuse, since it can be randomly chosen without any practical risk of collision. This can also be leveraged to build nonce misuse-resistant schemes.



          Unless you specifically need compatibility with a different implementation that doesn't support the XChaCha20 version, this is the one you want to use in virtually all cases.



          XChaCha20-Poly1305-IETF is very likely to become the function used by the high-level API in a future libsodium release. Which means that other variants will not be available any longer in minimal builds.



          Since your use case appears to be encrypting large messages, the higher-level secretstream API is a better fit. It uses XChaCha20-Poly1305-IETF internally.






          share|improve this answer











          $endgroup$



          The only difference between these is the nonce size (and, consequently, the internal counter size). The core function is exactly the same. They all offer the exact same security level if they are used as expected.



          The trade-offs are described in the AEAD section of the documentation.



          XChaCha20-Poly1305-IETF is the one that has the largest nonce size. This significantly reduces the risk of reuse, since it can be randomly chosen without any practical risk of collision. This can also be leveraged to build nonce misuse-resistant schemes.



          Unless you specifically need compatibility with a different implementation that doesn't support the XChaCha20 version, this is the one you want to use in virtually all cases.



          XChaCha20-Poly1305-IETF is very likely to become the function used by the high-level API in a future libsodium release. Which means that other variants will not be available any longer in minimal builds.



          Since your use case appears to be encrypting large messages, the higher-level secretstream API is a better fit. It uses XChaCha20-Poly1305-IETF internally.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited 7 hours ago

























          answered 7 hours ago









          Frank DenisFrank Denis

          1,7839 silver badges7 bronze badges




          1,7839 silver badges7 bronze badges














          • $begingroup$
            Thanks @Frank Denis
            $endgroup$
            – Woodstock
            7 hours ago










          • $begingroup$
            we consider the IV reuse as a security risk. If they have different IV lengths how will they have the same security levels?
            $endgroup$
            – kelalaka
            1 hour ago
















          • $begingroup$
            Thanks @Frank Denis
            $endgroup$
            – Woodstock
            7 hours ago










          • $begingroup$
            we consider the IV reuse as a security risk. If they have different IV lengths how will they have the same security levels?
            $endgroup$
            – kelalaka
            1 hour ago















          $begingroup$
          Thanks @Frank Denis
          $endgroup$
          – Woodstock
          7 hours ago




          $begingroup$
          Thanks @Frank Denis
          $endgroup$
          – Woodstock
          7 hours ago












          $begingroup$
          we consider the IV reuse as a security risk. If they have different IV lengths how will they have the same security levels?
          $endgroup$
          – kelalaka
          1 hour ago




          $begingroup$
          we consider the IV reuse as a security risk. If they have different IV lengths how will they have the same security levels?
          $endgroup$
          – kelalaka
          1 hour ago


















          draft saved

          draft discarded















































          Thanks for contributing an answer to Cryptography Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          Use MathJax to format equations. MathJax reference.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f73220%2fwhich-version-of-chacha-is-more-secure%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Canceling a color specificationRandomly assigning color to Graphics3D objects?Default color for Filling in Mathematica 9Coloring specific elements of sets with a prime modified order in an array plotHow to pick a color differing significantly from the colors already in a given color list?Detection of the text colorColor numbers based on their valueCan color schemes for use with ColorData include opacity specification?My dynamic color schemes

          Invision Community Contents History See also References External links Navigation menuProprietaryinvisioncommunity.comIPS Community ForumsIPS Community Forumsthis blog entry"License Changes, IP.Board 3.4, and the Future""Interview -- Matt Mecham of Ibforums""CEO Invision Power Board, Matt Mecham Is a Liar, Thief!"IPB License Explanation 1.3, 1.3.1, 2.0, and 2.1ArchivedSecurity Fixes, Updates And Enhancements For IPB 1.3.1Archived"New Demo Accounts - Invision Power Services"the original"New Default Skin"the original"Invision Power Board 3.0.0 and Applications Released"the original"Archived copy"the original"Perpetual licenses being done away with""Release Notes - Invision Power Services""Introducing: IPS Community Suite 4!"Invision Community Release Notes

          199年 目錄 大件事 到箇年出世嗰人 到箇年死嗰人 節慶、風俗習慣 導覽選單