On Tue, Mar 4, 2014 at 2:40 PM, Niels Möller <[email protected]> wrote:
>> Does anyone else know of use or interest in 128-bit chacha keys? It >> would definitely make things a bit simpler if we can omit support for >> 128-bit keys. (And if we skip it now, we could of course reintroduce it >> later if it turns out to be needed). > For now, I've deleted the support for 128-bit chacha keys. And replaced > the "chacha256_" prefixes by "chacha_". > Not sure what to do about 96-bit nonces. I think I'll leave that for > now, and maybe introduce a chacha_set_xnonce later in case both > nonce-sizes needs to be supported. It has not been approved yet, but the latest TLS proposal for chacha is with 96-bit nonces and there is no plan to change. So at least for gnutls only the 96-bit nonce version is relevant. regards, Nikos _______________________________________________ nettle-bugs mailing list [email protected] http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
