Commit 12bbae8b authored by Niels Möller's avatar Niels Möller

Stress that the salsa20 hash function is not for general use.

parent 90320ba2
2012-09-21 Niels Möller <nisse@lysator.liu.se>
* nettle.texinfo (Cipher functions): Stress that the salsa20 hash
function is not suitable as a general hash function.
2012-09-20 Simon Josefsson <simon@josefsson.org>
* pbkdf2-hmac-sha1.c, pbkdf2-hmac-sha256.c: New files.
......
......@@ -1275,12 +1275,15 @@ in this way to ridicule United States export restrictions which treated hash
functions as nice and harmless, but ciphers as dangerous munitions.
Salsa20 uses the same idea, but with a new specialized hash function to
mix key, block counter, and a couple of constants (input and output are
the same size, making it not directly applicable for use as a general
hash function). It's also designed for speed; on x86_64, it is currently
the fastest cipher offered by nettle. It uses a block size of 512 bits
(64 octets) and there are two specified key sizes, 128 and 256 bits (16
and 32 octets).
mix key, block counter, and a couple of constants. It's also designed
for speed; on x86_64, it is currently the fastest cipher offered by
nettle. It uses a block size of 512 bits (64 octets) and there are two
specified key sizes, 128 and 256 bits (16 and 32 octets).
@strong{Caution:} The hash function used in Salsa20 is @emph{not}
directly applicable for use as a general hash function. It's @emph{not}
collision resistant if arbitrary inputs are allowed, and furthermore,
the input and output is of fixed size.
When using Salsa20 to process a message, one specifies both a key and a
@dfn{nonce}, the latter playing a similar rôle to the initialization
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment