Stefan Bühler <[email protected]> writes: > What about: > > chacha20_crypt (20 rounds) > chacha12_crypt (12 rounds) > chacha_set_key128 (128 key bits) > chacha_set_key256 (256 key bits) > salsa20_set_key128 (128 key bits) > salsa20_set_key256 (256 key bits)
My gut feeling is that think putting the number of bits last is too inconsistent with aes128_set_*_key and similar functions. >> Opinions? > > Imho moving Salsa20/R functions to the ChachaR naming would work too :) That's one option. What do others think? (We could keep aliases for backwards compatibility, whenever practical). > And don't forget XSalsa20/r (using HSalsa20/r and an additional 128-bit > nonce, defined only for 256-bit keys afaik, but theoretically should > work with 128-bit keys too)... xsalsa20r12_set_key256? :D I'm not familier with those variants. But I think they should have a different name space (e.g., xsalsa*), so at least they shouldn't collide with plain salsa20 functions. Regards, /Niels -- Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26. Internet email is subject to wholesale government surveillance. _______________________________________________ nettle-bugs mailing list [email protected] http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
