[Cryptography] RC4 again (actual security, scalability and other discussion)

Alan Braggins alan.braggins at gmail.com
Mon Mar 10 12:13:38 EDT 2014

On 09/03/14 21:11, Theodore Ts'o wrote:
> He was recommending salsa20 only if you have performance requirements
> that can't be met by AES.  And given that many modern CPU chips have
> hardware support for AES, including Intel, Arm, and Power chipsets,
> presumably this mostly applies to people who need to implement
> software on legacy CPU's.

Some ARM chipsets have hardware support for (constant time) AES-GCM.
There are a lot of mobile phones using chipsets that don't.

More information about the cryptography mailing list