[Cryptography] recommending ChaCha20 instead of RC4 (RC4 again)

[Miroslav Kratochvil]

Hello,

Thanks for ChaCha20 suggestion, I've been poking around a bit and it
actually seems as the best choice for this case. (I already use DJB's other
product (cubehash) with great results).

I was kindof hoping to see some more RC4 support though, you know :]

with best regards,
-mk


On Sun, Mar 9, 2014 at 5:23 AM, Zooko O'Whielacronx <zookog at gmail.com>wrote:

> If you like RC4, you might like ChaCha20.
>
> https://en.wikipedia.org/wiki/Salsa20#ChaCha_variant
>
> Like RC4, it is a stream cipher, but unlike RC4 it is widely liked by
> modern cryptographers. That's a generalization, of course, but:
>
> * ChaCha20 is a variant of Salsa20, which was one of the winners of
> the eSTREAM competition: http://www.ecrypt.eu.org/stream/index.html
>
> * There is work to implement it in TLS (to replace RC4):
> https://www.imperialviolet.org/2013/10/07/chacha20.html
>
> * It's now included in OpenSSH:
> http://blog.djm.net.au/2013/11/chacha20-and-poly1305-in-openssh.html
>
> * It is the core of my favorite secure hash function, BLAKE2!
> https://blake2.net/ (Disclosure: I'm one of the authors of BLAKE2, but
> not of the original "BLAKE" from which BLAKE2 is derived.)
>
> Oh yes, and ChaCha is much more efficient than RC4.
> http://www.cryptopp.com/benchmarks.html says that modified alleged RC4
> ("MARC4") takes about 14 cycles per byte and that Salsa20 takes about
> 4 cycles per byte. http://bench.cr.yp.to/results-stream.html says that
> ChaCha20 is usually around 15% more efficient than Salsa20 on modern
> Intel CPUs.
>
> Regards,
>
> Zooko
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140312/7cf8a058/attachment.html>