Ask HN: LibreSSL symmetric encryption using ChaCha20 (openssl -enc)

4 points by chachalarue ↗ HN
Seems you can use command line option "openssl -enc -cipher chacha" with LibreSSL for file encryption however the documentation doesn't mention this as a supported cipher. Is it insanity to use a stream cipher for data at rest or should I stick to what the manpage for Libre/OpenSSL recommends which is "a strong block cipher in CBC mode such as bf or des3".

2 comments

[ 0.75 ms ] story [ 11.6 ms ] thread
I suggest you don't pick cipher and encryption parameters by hand, and instead use a full encryption solution designed for this use case.

An example is using dm-crypt and LUKS. If you don't want to have a dedicated encrypted partition, you can mount a file with a loop device. For example, see it here:

https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_a_n...

It will use AES by default in XTS mode. (the default was changed because of CBC malleability attacks).

Anyway, compared to AES, ChaCha is simpler, don't suffer from timing attacks, and don't require a mode of operation. There's nothing wrong with using it for data at rest.

Thanks, this is for multi-platform encryption of data at rest, as where I work all systems are using LibreSSL now so can abstract away the openssl shell commands for easy encrypt/decrypt and since Android will soon have a similar library through BoringSSL can extend it to mobile devices.

Went through the Salsa20/ChaCha djb pages to see it doesn't use modes, and LibreSSL source for e_chacha/e_chacha20poly1305.c indicates a 2TB limit but would never come close to encrypting anything that large as that's why we have Tarsnap backups. Reasons I eyed the AEAD stream cipher for file encryption was because how crazy fast it was during tests and the small size of the output, just was wondering about any potential 'gotchas' I wouldn't know about since I'm no expert on crypto hashing/file encryption.