2.2 KiB
My original plan was to use libsodium to handle encryption. However, the Rust bindings for libsodium are no longer actively maintained, which left me uncomfortable with using it. Instead, I switched to the RustCrypto implementations of the same (or nearly the same) cryptographic primitives provided by libsodium.
Creddy makes use of two cryptographic primitives: A key-derivation function, which is currently argon2id, and a symmetric encryption algorithm, currently XChaCha20Poly1305.
- I chose
argon2idbecause it's what libsodium uses, and because its difficulty parameters admit of very granular tuning. - I chose
XChaCha20Poly1305because it's almost what libsodium uses - libsodium usesXSalsa20Poly1305, and it's my undersatnding thatXChaCha20Poly1305is an evolution of the former. In both cases I use the eXtended variants, which make use of longer (24-byte) nonces than the non-X variants. This appealed to me because I wanted to be able to randomly generate a nonce every time I needed one, and I have seen recommendations that the 12-byte nonces used by the non-X variants are juuust a touch small for that to be truly worry-free. The RustCrypto implementation ofXChaCha20Poly1305has also been subject to a security audit, which is nice.
I tuned the argon2id parameters so that key-derivation would take ~800ms on my Ryzen 1600X. This is probably overkill, but I don't intend for key-derivation to be a frequent occurrence - no more than once a day, under normal circumstances. Taking in the neighborhood of 1 second seemed about the longest I could reasonably go.
DISCLAIMER: I am not a professional cryptographer, merely an interested amateur. While I've tried to be as careful as possible with selecting and making use of the cryptographic building blocks I've chosen here, there is always the possibility that I've screwed something up. If anyone would like to sponsor an actual security review of Creddy by people who actually know what they're doing instead of just what they've read on the internet, please let me know.