-- | -- Module : Raaz.AuthEncrypt.Unsafe -- Copyright : (c) Piyush P Kurur, 2016 -- License : Apache-2.0 OR BSD-3-Clause -- Maintainer : Piyush P Kurur <ppk@iitpkd.ac.in> -- Stability : experimental -- module Raaz.AuthEncrypt.Unsafe ( -- * Auth Encryption with Explicit Nounce -- $unsafe$ -- ** Specific variants -- $specific$ module Raaz.V1.AuthEncrypt.Unsafe ) where import Raaz.V1.AuthEncrypt.Unsafe -- $unsafe$ -- -- __WARNING:__ The security of the interface is compromised if -- -- 1. The key gets revealed to the attacker or -- -- 2. If the same key/nounce pair is used to lock two different -- messages. -- -- 3. Taking apart the AEAD token also compromises the type safety. -- -- Why then do we provide these functions ? As long as you are using -- the raaz library exclusively, you do not need to use this unsafe -- function. These are only needed when working with other libraries -- and protocols which have a different nonunce selection policy -- and/or a different encoding scheme for the AEAD token. -- -- Nounces need not be private and may be exposed to the attacker. In -- fact, in the safe version of these locking function, we pick the -- nounce at random (using the csprg) and pack it into the AEAD token. -- $specific$ -- -- For specific algorithms, the unsafe version is also available -- -- * Raaz.AuthEncrypt.Unsafe.ChaCha20Poly1305 -- * Raaz.AuthEncrypt.Unsafe.XChaCha20Poly1305 -- -- The former has a smaller nounce (96-bits) than the latter -- (192-bits) and hence there is a slight risk in using it with -- randomly generated nounces. It is however, slightly faster and is -- safe to use when there is frequent key resets as in the case of -- network protocols. As with other cases we recommend the use of the -- default interface instead of the specific one when ever possible.