On 17 July 2013 08:50, William Allen Simpson < william.allen.simp...@gmail.com> wrote:
> > > In summary, don't use RC4. Don't use it carelessly with IVs. And don't >> use RC4. >> >> RC4 is available in many libraries and platforms. For the > immediate future, it is most easily and likely implemented. > > We need something yesterday, not next year. > So is Salsa20, for that matter you have optimised versions available in NaCl, etc. > > So, that's one of the options being explored. All I'm > trying to cover is doing it as securely as possible. > Then RC4 is not the way to go, especially when you're starting off with anything standardisation shaped. > > (As I've some experience with this, you can rest assured > that I've a fair understanding of IVs and other mechanics.) > > Consider using Salsa20 instead. >> >> It would be helpful for folks to read the entire thread > before making off the wall comments. > > Yes, folks have mentioned Salsa20. It doesn't seem as > amenable to PPP packets as I would like. But as I was > looking at it, is seemed he'd moved on to ChaCha. I'm > behind the times on this.... > You're rekeying RC4 every packet and having to construct an do-it-yourself IV scheme, that doesn't seem particularly amenable to begin with. > > So, let's talk about what to choose for something fast and > "modern" to implement in the next decade.... We cannot > recommend a dozen EU possibilities. We need something > that's already had some significant analysis. Salsa20 or > ChaCha? Discuss. Salsa20, you can choose one of the faster variants. If you're not wanting encryption for appearances sake - and your phrase "securely as possible" above indicates that - you may also want to consider a MAC... again these days you have easy(ish) options.
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography