[Cryptography] recommending ChaCha20 instead of RC4 (RC4 again)

Jon Callas jon at callas.org
Wed Mar 12 20:32:44 EDT 2014

Hash: SHA1

On Mar 12, 2014, at 11:48 AM, dj at deadhat.com wrote:

> Every CCM implementation I've seen or designed myself in commercial
> products has been in hardware.

I'm doing it only in software.

> I like CCM because I can see how it works without needing a degree in
> mathematics and because the authors paid attention to how packets are
> encoded. I'm one of those that voted OCB off the 802.11i island in favor
> of CCM.

Yup. I ended up settling on it two years ago because it was in SJCL. Well, not totally for that, but it was there and that settled the debate.

> If you need many bytes/clock, GCM is the right choice. Hence 802.11i used
> CCM whereas 802.1AE (really for 802.3) used GCM since it has to work on
> wired protocols.

This is about to inspire a rant. Yeah, performance is great, but I see a train wreck coming five years from now because someone misuses GCM.


Version: PGP Universal 3.2.0 (Build 1672)
Charset: iso-8859-1


More information about the cryptography mailing list