[Cryptography] recommending ChaCha20 instead of RC4 (RC4 again)
Jon Callas
jon at callas.org
Wed Mar 12 20:32:44 EDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mar 12, 2014, at 11:48 AM, dj at deadhat.com wrote:
> Every CCM implementation I've seen or designed myself in commercial
> products has been in hardware.
I'm doing it only in software.
>
> I like CCM because I can see how it works without needing a degree in
> mathematics and because the authors paid attention to how packets are
> encoded. I'm one of those that voted OCB off the 802.11i island in favor
> of CCM.
Yup. I ended up settling on it two years ago because it was in SJCL. Well, not totally for that, but it was there and that settled the debate.
>
> If you need many bytes/clock, GCM is the right choice. Hence 802.11i used
> CCM whereas 802.1AE (really for 802.3) used GCM since it has to work on
> wired protocols.
This is about to inspire a rant. Yeah, performance is great, but I see a train wreck coming five years from now because someone misuses GCM.
Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
Charset: iso-8859-1
wj8DBQFTIPytsTedWZOD3gYRAodhAJ4/QvSVnZhOwvaOMkVwoMz2lcIgzgCff/XC
e+vh4caJIwjqJL+LC/89Uxw=
=YJwP
-----END PGP SIGNATURE-----
More information about the cryptography
mailing list