> On Jan 13, 2022, at 9:31 AM, Kenton Varda <ken...@cloudflare.com> wrote:
> 
> It looks like the chacha20 functions have variants with an "ic" parameter, 
> which lets you specify the block counter, but the salsa20 functions don't 
> have this for some reason.

A block counter would still require dividing the stream into blocks. 
Fixed-size blocks won’t work because the codec will stall until a block is 
completed, which would deadlock most interactive protocols. 
Variable-size blocks depend on the byte counts passed to the writer, which then 
means writing the block size into the output, and assembling a block on the 
read side. This turns out to be just as much work as using the higher level 
APIs like crypto_secretstream_xchacha20poly1305, or for that matter 
crypto_secretbox, both of which authenticate; so might as well just use them. 
(As does Scuttlebutt.)

Bizarrely, there appears to be no actual streaming API where your data gets 
encrypted with successive portions of the infinite cipher stream. This is 
further confirmation of my belief that cryptographers should never be allowed 
to design APIs.

So. Current plan is to write a stream wrapper around crypto_secretbox. This 
involves annoying stuff like buffering data, but it’s not rocket science.

—Jens
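
Added example, not code from this thread, Cap'n Proto or libsodium: the read side of the variable-size-block framing described above, reassembling length-prefixed boxes from transport chunks of any size. The wire format, `BoxStreamReader`, the `Opener` callback and `demoOpen` (a stand-in for a `crypto_secretbox_open_easy` wrapper, so the block builds without libsodium) are assumptions of the example.

```cpp
#include <cstdint>
#include <functional>
#include <stdexcept>
#include <vector>

using Bytes = std::vector<uint8_t>;
// Hypothetical callback: returns false if the box fails authentication. With
// libsodium it would wrap crypto_secretbox_open_easy, nonce derived from ctr.
using Opener = std::function<bool(uint64_t ctr, const Bytes& box, Bytes& plain)>;
// Read side. Assumed wire format: 4-byte big-endian length N, then N box bytes.
class BoxStreamReader {
public:
    BoxStreamReader(Opener open, size_t maxBox) : open_(open), maxBox_(maxBox) {}
    // Takes whatever the transport delivered (any size) and returns the plaintext
    // of each frame it completed. Throws on a bad frame; drop the connection then.
    Bytes feed(const uint8_t* data, size_t len) {
        buf_.insert(buf_.end(), data, data + len);
        Bytes out;
        size_t pos = 0;
        while (buf_.size() - pos >= 4) {
            size_t n = (size_t(buf_[pos]) << 24) | (size_t(buf_[pos + 1]) << 16) |
                       (size_t(buf_[pos + 2]) << 8) | size_t(buf_[pos + 3]);
            // The prefix is read before anything is authenticated: bound it.
            if (n > maxBox_) throw std::runtime_error("frame too large");
            if (buf_.size() - pos - 4 < n) break;  // incomplete: wait for more
            Bytes box(buf_.begin() + pos + 4, buf_.begin() + pos + 4 + n), plain;
            if (!open_(counter_, box, plain)) throw std::runtime_error("bad box");
            ++counter_;  // implicit nonce: replayed or reordered frames fail
            out.insert(out.end(), plain.begin(), plain.end());
            pos += 4 + n;
        }
        buf_.erase(buf_.begin(), buf_.begin() + pos);
        return out;
    }
    size_t buffered() const { return buf_.size(); }
private:
    Opener open_;
    size_t maxBox_;
    uint64_t counter_ = 0;
    Bytes buf_;
};

// Constructed stand-in for the cipher so this runs without libsodium (no
// security): a box is a tag byte equal to the counter's low byte, then plaintext.
inline bool demoOpen(uint64_t ctr, const Bytes& box, Bytes& out) {
    if (box.empty() || box[0] != uint8_t(ctr)) return false;
    out.assign(box.begin() + 1, box.end());
    return true;
}
```

Because the frame counter is never sent, both sides must advance it in lockstep, and the writer has to emit one complete frame per write so an interactive peer is never left waiting on a partial block.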
