[2013-07-17, William Allen Simpson] >On 7/16/13 11:15 AM, Matthew Green wrote: >> Consider using Salsa20 instead. >> >It would be helpful for folks to read the entire thread >before making off the wall comments. > >Yes, folks have mentioned Salsa20. It doesn't seem as >amenable to PPP packets as I would like. But as I was >looking at it, is seemed he'd moved on to ChaCha. I'm >behind the times on this.... > >So, let's talk about what to choose for something fast and >"modern" to implement in the next decade.... We cannot >recommend a dozen EU possibilities. We need something >that's already had some significant analysis. Salsa20 or >ChaCha? Discuss.
Salsa20/12 or /20. Not because there's anything wrong with the ChaCha variant, but because Salsa20 is "good enough" and also better established. Note e.g. that Salsa20 is what's used in NaCl [1] (released well after ChaCha was proposed). Regarding ESTREAM, disregard the hardware ciphers in the final portfolio. That limits the number of algorithms to four. Of these, I think Salsa20 is the only one that has obtained significant adoption. However, if I were to pick another, I'd be partial to HC-128 due to its simple (somewhat RC4-like) design and very impressive software performance. Cheers, Tor [1] http://nacl.cr.yp.to/stream.html _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography