[2013-07-18, William Allen Simpson]
On 7/17/13 4:29 AM, Tor Erling Bjørstad wrote:
Regarding ESTREAM, disregard the hardware ciphers in the final
portfolio. That limits the number of algorithms to four. Of these,
I think Salsa20 is the only one that has obtained significant
adoption. However,
On 7/18/13 4:36 AM, Tor Erling Bjørstad wrote:
What makes HC-* interesting to me is that it's pretty much as fast as one
gets it, for a strong pure software cipher encrypting long streams of data.
If one has a limited number of data streams that are pushing a huge number
of bits over the wire,
On 7/16/13 11:15 AM, Matthew Green wrote:
http://www.isg.rhul.ac.uk/tls/RC4biases.pdf
Thanks for bringing this pre-print link to my attention!
In summary, don't use RC4. Don't use it carelessly with IVs. And don't use RC4.
RC4 is available in many libraries and platforms. For the
[2013-07-17, William Allen Simpson]
On 7/16/13 11:15 AM, Matthew Green wrote:
Consider using Salsa20 instead.
It would be helpful for folks to read the entire thread
before making off the wall comments.
Yes, folks have mentioned Salsa20. It doesn't seem as
amenable to PPP packets as I would
Hi Bill,
On 17/07/13 10:50 AM, William Allen Simpson wrote:
Yes, folks have mentioned Salsa20. It doesn't seem as
amenable to PPP packets as I would like.
I don't quite know what that means, but reading quickly:
http://tools.ietf.org/html/draft-simpson-ppp-arc4-00
it seems you are doing the
[0] I haven't found them for XSalsa as yet. Don't know about ChaCha.
They are both included in
http://bench.cr.yp.to/primitives-stream.html
with reference implementations and efficient implementation. The
supercop test framework (downloadable from eBACS) checks other
implementations
On Wed, Jul 17, 2013 at 7:42 AM, ianG i...@iang.org wrote:
On 17/07/13 10:50 AM, William Allen Simpson wrote:
Thing is, you don't just need an encryption algorithm, you also need IV,
MAC, Padding concepts. (I agree that using a stream cipher obviates any
messing Padding needs and the 'mode'
On 17 July 2013 08:50, William Allen Simpson
william.allen.simp...@gmail.com wrote:
In summary, don't use RC4. Don't use it carelessly with IVs. And don't
use RC4.
RC4 is available in many libraries and platforms. For the
immediate future, it is most easily and likely implemented.
We
On Wed, Jul 17, 2013 at 03:50:50AM -0400, William Allen Simpson wrote:
On 7/16/13 11:15 AM, Matthew Green wrote:
http://www.isg.rhul.ac.uk/tls/RC4biases.pdf
Thanks for bringing this pre-print link to my attention!
In summary, don't use RC4. Don't use it carelessly with IVs. And don't use
William Allen Simpson william.allen.simp...@gmail.com wrote:
We need something yesterday, not next year.
...
Yes, folks have mentioned Salsa20. ...
So, let's talk about what to choose for something fast and
modern to implement in the next decade We cannot
recommend a dozen EU
On 7/17/13 4:29 AM, Tor Erling Bjørstad wrote:
Salsa20/12 or /20. Not because there's anything wrong with
the ChaCha variant, but because Salsa20 is good enough and
also better established. Note e.g. that Salsa20 is what's
used in NaCl [1] (released well after ChaCha was proposed).
Thank you
On 6/22/13 8:24 PM, Greg Rose wrote:
On Jun 22, 2013, at 15:31 , James A. Donald jam...@echeque.com wrote:
On 2013-06-23 6:47 AM, Peter Maxwell wrote:
I think Bernstein's Salsa20 is faster and significantly more secure than RC4,
whether you'll be able to design hardware to run at line-speed
On Tue, Jul 16, 2013 at 03:23:01AM -0400, William Allen Simpson wrote:
On 6/22/13 8:24 PM, Greg Rose wrote:
On Jun 22, 2013, at 15:31 , James A. Donald jam...@echeque.com wrote:
On 2013-06-23 6:47 AM, Peter Maxwell wrote:
I think Bernstein's Salsa20 is faster and significantly more secure
William Allen Simpson william.allen.simp...@gmail.com wrote:
A quick question: what are our current options for 100 Gbps
line rate encryption?
Are we still using variants of ARC4?
The European Union's Estream contest gave two small
portfolios of ciphers, four for software implementation
and
The use of RC4 should be avoided even with the drop-N due to biases that occur
later in the key stream. You should also be extremely careful about mixing IVs
with the key. At a minimum you ought to use a modern cryptographic hash
function -- there's no evidence that repeating key setup is
Are you assuming a single core?
I ran 'openssl speed' on an 8-core 2.9 GHz Intel Xeon E5-2690 with
hyperthreading enabled, which gives it 16 logical cores. It's an artificial
benchmark, but openssl is able to encrypt using AES-XTS with 128-bit keys
at 28 gigabytes / second for 8KB blocks, which
The fastest hardware implementation of RC4 that I know is 2 bytes/clock. I
personally programmed a 1 byte/clock RC4 in a FPGA, it's quite simple.
At 2 bytes/clock you still need a clock of 10 gigahertz to encrypt 100
Gbps. That's unfeasible, the way it's done is using parallelism, then you
can use
Oops, miscalculation. That should be a 6.5 GHz clock for 100 Gbps. ((100
Gbps/8)/2) . Anyway I don't think anybody has hardware that fast except
maybe for IBM with the Power8.
The fastest hardware implementation of RC4 that I know is 2 bytes/clock. I
personally programmed a 1 byte/clock RC4 in
I think Bernstein's Salsa20 is faster and significantly more secure than
RC4, whether you'll be able to design hardware to run at line-speed is
somewhat more questionable though (would be interested to know if it's
possible right enough).
On 22 June 2013 18:35, William Allen Simpson
On 2013-06-23 6:47 AM, Peter Maxwell wrote:
I think Bernstein's Salsa20 is faster and significantly more secure
than RC4, whether you'll be able to design hardware to run at
line-speed is somewhat more questionable though (would be interested
to know if it's possible right enough).
I
Would anybody dare to use a SHA256 based stream cipher? (XOR with checksum
of key and counter or whatever you want to throw in there.) Would it be
faster than RC4/Salsa20? I'm a bit curious about why nobody seems to be
using hash/checksum based stream ciphers.
2013/6/23 James A. Donald
On 22 June 2013 23:31, James A. Donald jam...@echeque.com wrote:
On 2013-06-23 6:47 AM, Peter Maxwell wrote:
I think Bernstein's Salsa20 is faster and significantly more secure than
RC4, whether you'll be able to design hardware to run at line-speed is
somewhat more questionable though
On Jun 22, 2013, at 15:31 , James A. Donald jam...@echeque.com wrote:
On 2013-06-23 6:47 AM, Peter Maxwell wrote:
I think Bernstein's Salsa20 is faster and significantly more secure than
RC4, whether you'll be able to design hardware to run at line-speed is
somewhat more questionable
23 matches