[Cryptography] recommending ChaCha20 instead of RC4 (RC4 again)

Stephen Farrell stephen.farrell at cs.tcd.ie
Sat Mar 15 18:34:34 EDT 2014

On 03/15/2014 07:46 PM, Ralf Senderek wrote:
> On Sat, 15 Mar 2014 16:31:05 ianG wrote:
>> If people stop believing in institutions such as standards bodies,
>> certification bodies, and governments, the question is, what or whom
>> will they trust?  And what could actually deliver that trust?

Too many questions rolled into one for me.

(Being v. active in the IETF) I do trust that its making real
attempts to do as well as possible, imperfect and all as the
outcomes always are. Any process that produces so much would
be equally imperfect according to pretty much any process I
figure, but we don't need to go there.

I do not personally trust that Governments will ever stop
pervasive monitoring so long as they have the capability. That
holds for me no matter what they say, or the various relevant
legislatures say. I do nonetheless think its worth (other:-)
folks time trying to campaign for legal changes etc.

But for me I conclude that trying to make as much of the
technology that gets used have as much resistance against
this attack is the approach to try, while not aiming for
perfection, and without claiming that other approaches are
that wrong.


>> It seems that without a good answer to that, there isn't much point in
>> choosing one technical approach versus another.
> +1 Finally, we're back on topic.

I figure folkk

>     --ralf
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography

More information about the cryptography mailing list