On 7/17/13 4:29 AM, Tor Erling Bjørstad wrote:
Salsa20/12 or /20. Not because there's anything wrong with the ChaCha variant, but because Salsa20 is "good enough" and also better established. Note e.g. that Salsa20 is what's used in NaCl [1] (released well after ChaCha was proposed).
Thank you (to all who mentioned this). Good information.
Regarding ESTREAM, disregard the hardware ciphers in the final portfolio. That limits the number of algorithms to four. Of these, I think Salsa20 is the only one that has obtained significant adoption. However, if I were to pick another, I'd be partial to HC-128 due to its simple (somewhat RC4-like) design and very impressive software performance. [1] http://nacl.cr.yp.to/stream.html
And there's HC-256, according to wikipedia. But what about independent analysis? And is it really faster? Salsa20: 4–14 cycles per byte HC-256: 4 cycles per byte. HC-128: 3 cycles per byte. But HC-* has a huge per packet setup penalty!?!? _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography