On Monday, 8 January 2018 22:10:07 CET William Bathurst wrote: > Hi Hanno/all, > > I can understand your view that "more is not always good" in crypto. The > reasoning behind the offering can be found in the following whitepaper: > > https://csrc.nist.gov/csrc/media/events/lightweight-cryptography-workshop-20 > 15/documents/papers/session1-shors-paper.pdf > > I will summarize in a different way though. We wish to offer an > optimized lightweight TLS for IoT. A majority of devices found in IoT > are resource constrained, for example a device CPU may only have 32K of > RAM. Therefore security is an afterthought by developers. For some only > AES 128 is available and they wish to use 256 bit encryption. Then Speck > 256 would be an option because it has better performance and provides > sufficient security.
so security is afterthought, but they got out of their way to use "more secure" (debatable) option? sorry, that does not hold water -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
Description: This is a digitally signed message part.
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev