[Cryptography] Crypto best practices

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Mar 16 20:37:53 EDT 2017


Ray Dillinger <bear at sonic.net> writes:

>Stream Ciphers simply aren't worth the level of complexity risk required to
>design with them any more, and have not been for a long time.

+1 to all of that.  It's the "RC4 all over again" thing, we have about two
decades of experience showing that if you give J.Random coder a stream cipher
to use for data encryption, they're probably going to get it wrong.  Even
experts get it wrong, e.g. tarsnap (although in that case I'm not sure if the
lesson is "stream ciphers are too dangerous to use" or "CTR mode is too
dangerous to use").  There are far safer alternatives to stream ciphers
around, in this case meaning "pretty much everything that isn't a stream
cipher".

Peter.
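The failure mode the message alludes to, reuse of a keystream under a stream cipher or CTR mode, as an added example that is not part of the original post, the tarsnap code, or any project mentioned here. The keystream is generated with HMAC-SHA256 in counter mode as a stand-in for AES-CTR (an assumption made so the example runs on the standard library alone; the algebra is identical for any CTR or stream construction), and the two messages are constructed sample data. It shows what an attacker without the key gets from a repeated (key, nonce): the XOR of the two plaintexts, a known-plaintext recovery of the other message, and bit-level malleability of the ciphertext; and that a fresh nonce per message removes the first two.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: block i = HMAC-SHA256(key, nonce || i).

    Stand-in for AES-CTR (assumption for this example); any CTR-style
    construction has the same property: same (key, nonce) -> same keystream.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings up to the shorter length."""
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Unauthenticated CTR/stream encryption: ciphertext = plaintext XOR keystream."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


# Decryption is the same operation; there is no integrity check anywhere.
ctr_decrypt = ctr_encrypt


def recover_with_crib(c1: bytes, c2: bytes, known_plaintext_1: bytes) -> bytes:
    """Attacker view: two ciphertexts under one (key, nonce), plus the first plaintext.

    c1 XOR c2 == p1 XOR p2 because the shared keystream cancels out, so
    XORing in the known p1 yields p2 directly, with no key involved.
    """
    n = min(len(c1), len(c2), len(known_plaintext_1))
    return xor_bytes(xor_bytes(c1[:n], c2[:n]), known_plaintext_1[:n])


def tamper(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Attacker view: flip plaintext bytes at `offset` from `old` to `new`.

    Because c = p XOR ks, XORing (old XOR new) into the ciphertext changes the
    decrypted bytes predictably. No key, and no nonce reuse, is required.
    """
    ct = bytearray(ciphertext)
    for i, d in enumerate(xor_bytes(old, new)):
        ct[offset + i] ^= d
    return bytes(ct)


def demo() -> dict:
    """Run the three scenarios on constructed sample messages."""
    key = bytes(range(32))          # constructed demo key (never do this in real code)
    reused_nonce = bytes(16)        # the bug: the same nonce for every message
    p1 = b"transfer $100 to alice"
    p2 = b"transfer $999 to mallory"

    # 1. Nonce reuse: the keystream cancels, p2 leaks given p1 (or any good crib).
    c1 = ctr_encrypt(key, reused_nonce, p1)
    c2 = ctr_encrypt(key, reused_nonce, p2)
    leaked_p2 = recover_with_crib(c1, c2, p1)

    # 2. Malleability without any nonce reuse: "$100" becomes "$999" on decryption.
    forged = tamper(c1, 10, b"100", b"999")
    forged_plain = ctr_decrypt(key, reused_nonce, forged)

    # 3. Fresh nonce per message: c1 XOR c2 no longer equals p1 XOR p2.
    fresh_nonce = bytes(15) + b"\x01"
    c2_fresh = ctr_encrypt(key, fresh_nonce, p2)
    cross = xor_bytes(c1, c2_fresh)

    return {
        "leaked_p2": leaked_p2,
        "forged_plain": forged_plain,
        "fresh_nonce_leaks": cross == xor_bytes(p1, p2),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

The third scenario fixes only the keystream-reuse leak; the tampering in the second scenario still works with unique nonces, which is why "use CTR correctly" in practice means "use an AEAD mode (or encrypt-then-MAC) with a nonce you can prove is never repeated."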

