[Cryptography] RC4 again (actual security, scalability and other discussion)

[Miroslav Kratochvil]

> RC4 has been around for much longer the chacha20, and has been subject to
> a hell of a lot more cryptanalytic attack.  So far, it's stood up
> remarkably well - especially when you consider how simple its basic ideas
> are, and how far cryptanalysis has advanced in the interim.  (RC4 was
> designed in 1987 - making it roughly contemporaneous with the publication
> of differential cryptanalysis, arguably the beginning of a serious public
> cryptanalytic capability.)
>
>
Thanks for this ^. It's the whole point I'm usually explaining summed up in
one nice paragraph.

Moreover, I consider the simplicity of basic ideas an advantage. From the
point that "there is nothing to hide", roughly referring to the bad
elliptic crypto params we've seen recently. DJB's crypto (including chacha,
cubehash and most others) is remarkably good from this perspective.


> Perhaps chacha20 is the way to go.  I think the design behind it is a very
> nice bit of work, but whether it will stand the test of time is impossible
> to answer.
>

I'm actually going to implement chacha20 - it's reasonably simple as well,
and the users will be able to decide whether to use chacha20 (new&shiny) or
rc4 (tested but with somehow bad public reputation).

Thanks for the opinion :]

-mk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140312/aac6c473/attachment.html>