[Cryptography] recommending ChaCha20 instead of RC4 (RC4 again)

Bill Frantz frantz at pwpconsult.com
Thu Mar 13 18:43:42 EDT 2014

On 3/13/14 at 6:19 AM, dan at geer.org wrote:

>Let's stipulate that you are entirely correct.  How do we react if
>we are to learn the lessons of history, etc.?  Can a lack of
>speedups-to-come be itself relied upon enough to factor that into
>design decisions yet to be made, such as to put aside any need to
>design in resistance to a sped-up future or to demand specialized
>chipsets for devices that will have no remote management interface?

First, we get no relief from the danger of exhaustive search. It 
is trivial to parallelize.

If we are interested in security, then we must (a) be willing 
and financially able to throw away the device, (b) be able to 
upgrade it, or (c) be willing to lose security. The cynic in me 
says we will always choose (c), at least until we have been 
personally burned.

Cheers - Bill

Bill Frantz        | The first thing you need when  | Periwinkle
(408)356-8506      | using a perimeter defense is a | 16345 Englewood Ave
www.pwpconsult.com | perimeter.                     | Los Gatos, CA 95032
