Thread: Salting salsa20 in Python 3.x

1. No Profile Picture
Registered User
Devshed Newbie (0 - 499 posts)

Join Date
Sep 2013
Posts
19
Rep Power
0

Salting salsa20 in Python 3.x

Someone recommended a course in cryptography being offered over the internet. Pretty early on I learned about the salsa20 stream cipher.

Simple arithmetic tells me that an insignificant repetition probability in 2^40 occurrences is enough to cover 10 gig of data, which is plenty for most uses provided that a brand new cipher is generated for all 10-gig data units.

So I guess I need a 4-byte salt that does not offer a significant chance of repetition in 2^40 occurrences.

I know the Python random module doesn't provide that. What does, and how can I use it to generate the salt?
2. Look at the random number generators in the gsl. Probably some of them have a sufficiently long period.

I don't know why you need 2**80 amount of data, then again, I don't understand all that well so never mind.
3. No Profile Picture
Registered User
Devshed Newbie (0 - 499 posts)

Join Date
Sep 2013
Posts
19
Rep Power
0
The idea is to have an insignificant rate of repetition over the entire life of the stream cipher key, because rate of repetition is a very basic vulnerability in stream encryption. A period of 2**30 offers a significant rate of repetition, but a period of 2**80 does not.
4. I think the problem of repetitious salt is related to this at rosettacode.org
Every now and then I consider cracking this message. I haven't peeked at the answer!
5. No Profile Picture
Registered User
Devshed Newbie (0 - 499 posts)

Join Date
Sep 2013
Posts
19
Rep Power
0
I did look at people's suggested solutions in various languages, and the Python solution is the only one that does the job without either requiring further user decisions, or relying on multiple scripts, or having a limitation on accidentally occurring English words in the cyphertext.I've copied and saved the Python script on my hard drive so I can study it offline. I note that it does the whole job by importing only two methods from two modules--not two actual modules, just two methods. Plus it's reasonably short. Thanks very much for referring me to that page!

But, as far as I know, the Vigenere cipher is not a stream cipher, and there are older, lower-tech ways to crack it, which were actually figured out not long after the Vigenere cipher was first used in practice.
6. No Profile Picture
Contributing User
Devshed Novice (500 - 999 posts)

Join Date
May 2009
Posts
667
Rep Power
40
I'm not familar with this either, but Python does include a SystemRandom class which uses various system resources to produce the numbers so should not repeat beyond what ever the "norm" is for that size of data.

"Sequences produced by SystemRandom are not reproducable because the randomness is coming from the system, rather than software state"
Last edited by dwblas; September 13th, 2013 at 02:38 PM.
7. No Profile Picture
Registered User
Devshed Newbie (0 - 499 posts)

Join Date
Sep 2013
Posts
19
Rep Power
0
Here's the full text from the introductory description:

Some operating systems provide a random number generator that has access to more sources of entropy that can be introduced into the generator. random exposes this feature through the SystemRandom class, which has the same API as Random but uses os.urandom() to generate the values that form the basis of all of the other algorithms.
I'm pretty sure Linux OSs of all descriptions support this, but the question is what the predictability is. I'll have to ask around to find out about that.