(section ripped from Cryptosphere)
This commit is contained in:
Frank Denis 2013-09-09 21:25:31 -07:00
parent 9db373dd6a
commit 9b3c459a53


@ -13,6 +13,32 @@ higher-level cryptographic tools.
Sodium is a portable, cross-compilable, installable, packageable
fork of NaCl, with a compatible API.
## Is it full of NSA backdoors?
![No NIST](http://i.imgur.com/HSxeAmp.png)
The design of Sodium's primitives is completely free from NIST (and by
association, NSA) influence, with the following minor exceptions:
- The Poly1305 MAC, used for authenticating integrity of ciphertexts,
uses AES as a replaceable component,
- The Ed25519 digital signature algorithm uses SHA-512 for both key
derivation and computing message digests,
- APIs are provided to SHA-512 and SHA-512/256, but are replaceable by
the Blake hash function, which is also available in the Sodium library.
The design choices, particularly in regard to the Curve25519
Diffie-Hellman function, ephasize security (whereas NIST curves
emphasize "performance" at the cost of security), and "magic
constants" in NaCl/Sodium are picked by theorems designed to maximize
security.
The same cannot be said of NIST curves, where the specific origins of
certain constants are not described by the standards and may be
subject to malicious influence by the NSA.
And despite the emphasis on higher security, primitives are faster
across-the-board than most implementations of the NIST standards.
## Portability
In order to pick the fastest working implementation of each primitive,
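Review bot: The three "minor exceptions" bullets in this hunk misdescribe the primitives and should be corrected before merging: Poly1305 in NaCl/Sodium is keyed from the XSalsa20 keystream inside crypto_secretbox and does not use AES (AES only appears as the separate crypto_stream_aes128ctr primitive, which has nothing to do with the MAC); the provided hash APIs are SHA-256 and SHA-512 (crypto_hash_sha256 and crypto_hash_sha512), not "SHA-512/256"; and the non-NIST alternative is BLAKE2b via crypto_generichash, so "the Blake hash function" should name BLAKE2b. The Ed25519 bullet (SHA-512 for key expansion and message hashing) is accurate. Two smaller points: "ephasize" in "ephasize security" should read "emphasize", and the "No NIST" image is hotlinked from http://i.imgur.com/HSxeAmp.png, a third-party host that can remove or replace the file at any time; commit the image to the repository and reference it relatively instead.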