Add alternative encryption algorithms

[vitonsky]

I've opened issue #894 but it has been closed with no attention, it looks that my suspicious is justified.

What about add more secure ciphers/encryption algorithms like twofish, serpent, kuznyechik to let user choose encryption they trust?

You've mentioned that currently implemented AES and XChaCha20-Poly1305, but your answer looks like USA government approved just these 2 algorithms to use in gocryptfs because they have some backdoors there and told you "reject all issues about new ciphers, or you will be jailed" and this is why you pretend my feature request is not about new encryption algorithms, but about something else.

[CodeCracker-oss]

AES (Rijndael) was adopted by the US as the standard encryption algorithm, not designed by the US like your other issue claims.

Xchacha20 was not approved by the US, it is just becoming more standard across the industry.

If you claim they have backdoors, please post the proof. They have been known for quite some time to be secure. With a lot of different encryption software on the market, I would say it is a bigger concern with what software your using for encryption, open-source vs proprietary, strength of your password...

Do you have any proof that the US government made such a threat to this projects developer?
I don't believe the developer is even based in the US, which if true means he is not even subject to US jurisdiction.

Carrying through with such a threat though, in the US would be a big constitutional violation if you understand US law, so I'm sure the people would love to know of this one.

Adding more ciphers to the software will increase the codebase, make it a bigger maintenance burden and possibility of introducing security issues. I would not recommend this being done.

If you want extra options like more ciphers, VeraCrypt is probably better suited.

[vitonsky]

@CodeCracker-oss ok mr police man, i see your point. I don't buy it.

AES encryption forced by the US government as and Xchacha20, since they have backdoors there.

If you claim they have backdoors, please post the proof

That is irrelevant argument. If i would have knowledge about backdoors in AES it is obvious i would never tell about it to the random person on the internet for free, because this knowledge have high price.

Adding more ciphers to the software will increase the codebase

The purpose of tool for encryption is to ensure data will be encrypted with a way that ensure nobody can decrypt it in reasonable time frame.

When AES is the only encryption option - this purpose is missed.

So there are reasons to add more ciphers if this tool purpose to serve security rather than be a honeypot of US government

[CodeCracker-oss]

Hm, I'm actually far from a policeman.
Actually anti-government.
Not sure where you got that from
Though I would rather not get political here.

You have no proof it is a honey pot, more like making acusations based on a mis guided belief in cryptography, or because your upset of missing options. There is more than just gocryptfs on the market, like securefs, cryfs, veracrypt..maybe one of those you would prefer. Every developer of software has there own ideas, and reason for creation.
It would be merely pointless to have each project copy another.

That is irrelevant argument. If i would have knowledge about backdoors in AES it is obvious i would never tell about it to the random person on the internet for free, because this knowledge have high price.

If I had knowledge, i would tell for free. Why? Because it betters the community.
I would rather protect others from being victimized through poor or proven backdoored security by warning them, than personal gain.
It is about making cryptography stronger, not weaker. Those who have criminal intentions are the ones to hide this, and exploit it.

The purpose of tool for encryption is to ensure data will be encrypted with a way ensure nobody can decrypt it in time frame.

That is correct, but adding risk of implementing security vulnerabilties is not worth it. See the audit performed on veracrypt soon after they added new ciphers, they had to remove because of security issues. Risk vs reward

I believe in user choice, it is why I do support veracrypt. Though there are some projects like cryptomator which were specifically created for ease of use, and secure by default which would be out of scope for that project. Do you see my point yet?

When AES is the only encryption option - this purpose is missed.

How so? You still have not proven AES is broken, or backdoored. In fact, AES has had the most cryptanalysis, no one has even cracked it yet, any data decrypted was always done through other means like bruteforce against the password, but never a successful direct attack.

There is a lot more to cryptography than just the cipher alone, are you concerned of potential backdoors in those (i.e hash functions and key derivitation functions)? What about government backdoors in your computer on a hardware level? No software could help you there.

[rfjakob]

Well said... Not a lot to add here.

I have to choose where I spend development time, and it won't be hypothetical weaknesses in AES and Chacha20.

[vitonsky]

@rfjakob what about contribution by community? Are you open for pull requests with new encryption algorithms?

If so, what are the limitations, restrictions, and rules that contributors must meet for their code to be merged?

[rfjakob]

PRs are possible.

Must be a high-quality algorithm and crypto library, and clean integration into gocryptfs.

The algorithm must be AEAD. Integration with gocryptfs must be via the [cipher.AEAD[(https://pkg.go.dev/crypto/cipher#AEAD) interface (possibly via wrapper like https://github.com/rfjakob/gocryptfs/blob/master/internal/siv_aead/siv_aead.go)