[Cryptography] [cryptography] OT: Speeding up and strengthening HTTPS connections for Chrome on Android

ianG iang at iang.org
Fri Apr 25 17:36:24 EDT 2014 

On 25/04/2014 22:14 pm, Jeffrey Walton wrote:
> Somewhat off-topic, but Google took ChaCha20/Poly1305 live.
> 
> http://googleonlinesecurity.blogspot.com/2014/04/speeding-up-and-strengthening-https.html
> 
> Earlier this year, we deployed a new TLS cipher suite in Chrome that
> operates three times faster than AES-GCM on devices that don’t have
> AES hardware acceleration, including most Android phones, wearable
> devices such as Google Glass and older computers. This improves user
> experience, reducing latency and saving battery life by cutting down
> the amount of time spent encrypting and decrypting data.
> 
> To make this happen, Adam Langley, Wan-Teh Chang, Ben Laurie and I
> began implementing new algorithms -- ChaCha 20 for symmetric
> encryption and Poly1305 for authentication -- in OpenSSL and NSS in
> March 2013. It was a complex effort that required implementing a new
> abstraction layer in OpenSSL in order to support the Authenticated
> Encryption with Associated Data (AEAD) encryption mode properly. AEAD
> enables encryption and authentication to happen concurrently, making
> it easier to use and optimize than older, commonly-used modes such as
> CBC. Moreover, recent attacks against RC4 and CBC also prompted us to
> make this change.
> 
> ...


Progress for OpenSSL!  Here's hoping they also see the light and drop
every other ciphersuite as fast as they can.

> We hope there will be even greater adoption of this
> cipher suite, and look forward to seeing other websites
> deprecate AES-SHA1 and RC4-SHA1 in favor of AES-GCM and
> ChaCha20-Poly1305 since they offer safer and faster
> alternatives.


Close!  2 is soooo much closer to 1, it's even O(1).

iang

ps;  obligatary toot:
http://iang.org/ssl/h1_the_one_true_cipher_suite.html

pps;  Google, take your lead from Guus:

> ... It also *does not support any cipher suite negotiation*,
> instead it always uses a fixed suite (the current
> implementation[2] uses ECDHE-Curve25519-Chacha-Poly1305).

The man!

More information about the cryptography mailing list