Luke ParkerDoes anyone have a recommended 512-bit cipher? Preferably stream, yet I can tolerate block.
I do know how to type Blake2b-512(seed, counter). I prefer not to.
Joshua Small@kayaba Given I don't think there's a "proper" answer, there's a degree of rolling your own that will be of higher risk than any key length advantage. That said, hear me out: Triple Chacha-8.
@jsmall that's why I was hoping for an existing solution. Possibly a not-chosen AES candidate?
Why triple? And then the argument against multiple Chachas is it doesn't exponentially increase security. Meet in the middle attacks give two of them a complexity of 257 bits not 512. The third doesn't exactly get it to 258...
@jsmall I'll note the obvious issue with a not-chosen AES candidate. It wasn't chosen :/ That means it will be lacking review when compared to AES, possibly be less secure, and far less supported.
Blake2b-512 with a counter is trivial and Blake2b is widely reviewed/supported. SHA2/SHA3 would he their own options for people wanting the utmost review/support.
@kayaba All valid, and I don't realistically expect there's a practical approved answer past AES256. I suggested triple due to round count, it would put you past the 20 of chacha20.
@jsmall round count doesn't help when the bits of entropy aren't near what I'm looking for :/ but thanks for chiming in :)
Aaron Toponce ⚛️
@kayaba Threefish-512 is what you're looking for. It's well-defined so you don't need to custom design your own. It was a SHA-3 finalist and performs very well in software.
@atoponce Thanks! Definitely sounds like what I'd want for a proper solution.
Then the question is simply are proper solutions better than a simple Blake2b hack which sounds a lot more... practical?
Then there's also the ability to use a Keccak256 sponge construction...
@kayaba Personally, I'd rather use something "off the shelf" than rolling my own. Cryptography is loaded with pitfalls and sharp edges. There's no guarantee I'd design something correctly, and instead, probably get it wrong. Side channels, key misuse, authentication errors, etc.