[Cryptography] recommending ChaCha20 instead of RC4 (RC4 again)

dan at geer.org dan at geer.org
Wed Mar 12 21:56:54 EDT 2014

> This is about to inspire a rant. Yeah, performance is great, but I see
> a train wreck coming five years from now because someone misuses GCM.

Back to the conference room and the sales cycle, how many, many times
I've had some prospective customer say something like "10% performance
hit for security? That's a deal breaker!"

My answer: "Well, 10% is 2.5 months' worth of Moore's Law..."

Sometimes it worked.  Sometimes it didn't.


More information about the cryptography mailing list