@bascule @matthew_d_green I'd use something like HMAC-SHA512("key id for my super-scheme", key) instead of plain SHA-512 to derive keys
@matthew_d_green @dchest @marshray updated using nonces + HKDF: https://gist.github.com/tarcieri/5351974 …
@bascule @matthew_d_green @dchest @marshray I don’t understand why you’re replacing NaCl with entirely new constructions.
@tqbf @matthew_d_green @dchest @marshray just a thought experiment. The stuff I'm actually writing uses secret_box
@bascule @matthew_d_green @dchest @marshray It doesn’t sound that way from the ticket; sounds like you’re saying, “use this for NIST crypto”
@tqbf @matthew_d_green @dchest @marshray so I take it you think even exposing it at all is a bad idea
@bascule @matthew_d_green @dchest @marshray I would not feel comfortable publishing a library with my own informally reviewed cryptosystem.
@bascule @matthew_d_green also, wouldn't 16 byte tag be enough for AES-128?
@bascule @matthew_d_green just in case a user exposes SHA512 of their key somewhere in a different place of their protocol.