Re: [cryptography] OT: Speeding up and strengthening HTTPS connections for Chrome on Android
On 26/04/2014 02:15 am, grarpamp wrote: On Fri, Apr 25, 2014 at 5:36 PM, ianG i...@iang.org wrote: On 25/04/2014 22:14 pm, Jeffrey Walton wrote: Somewhat off-topic, but Google took ChaCha20/Poly1305 live. http://googleonlinesecurity.blogspot.com/2014/04/speeding-up-and-strengthening-https.html ... It also *does not support any cipher suite negotiation*, instead it always uses a fixed suite (the current implementation[2] uses ECDHE-Curve25519-Chacha-Poly1305). Where is this last bit quoted from? The full suite as (pictured) in the blog is: ecdhe_rsa_chacha20_poly1305. Full post was this one, apologies for segway to an entirely different venture: http://www.metzdowd.com/pipermail/cryptography/2014-April/021131.html From Guus. iang ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
[cryptography] OT: Speeding up and strengthening HTTPS connections for Chrome on Android
Somewhat off-topic, but Google took ChaCha20/Poly1305 live. http://googleonlinesecurity.blogspot.com/2014/04/speeding-up-and-strengthening-https.html Earlier this year, we deployed a new TLS cipher suite in Chrome that operates three times faster than AES-GCM on devices that don’t have AES hardware acceleration, including most Android phones, wearable devices such as Google Glass and older computers. This improves user experience, reducing latency and saving battery life by cutting down the amount of time spent encrypting and decrypting data. To make this happen, Adam Langley, Wan-Teh Chang, Ben Laurie and I began implementing new algorithms -- ChaCha 20 for symmetric encryption and Poly1305 for authentication -- in OpenSSL and NSS in March 2013. It was a complex effort that required implementing a new abstraction layer in OpenSSL in order to support the Authenticated Encryption with Associated Data (AEAD) encryption mode properly. AEAD enables encryption and authentication to happen concurrently, making it easier to use and optimize than older, commonly-used modes such as CBC. Moreover, recent attacks against RC4 and CBC also prompted us to make this change. ... ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] OT: Speeding up and strengthening HTTPS connections for Chrome on Android
On 25/04/2014 22:14 pm, Jeffrey Walton wrote: Somewhat off-topic, but Google took ChaCha20/Poly1305 live. http://googleonlinesecurity.blogspot.com/2014/04/speeding-up-and-strengthening-https.html Earlier this year, we deployed a new TLS cipher suite in Chrome that operates three times faster than AES-GCM on devices that don’t have AES hardware acceleration, including most Android phones, wearable devices such as Google Glass and older computers. This improves user experience, reducing latency and saving battery life by cutting down the amount of time spent encrypting and decrypting data. To make this happen, Adam Langley, Wan-Teh Chang, Ben Laurie and I began implementing new algorithms -- ChaCha 20 for symmetric encryption and Poly1305 for authentication -- in OpenSSL and NSS in March 2013. It was a complex effort that required implementing a new abstraction layer in OpenSSL in order to support the Authenticated Encryption with Associated Data (AEAD) encryption mode properly. AEAD enables encryption and authentication to happen concurrently, making it easier to use and optimize than older, commonly-used modes such as CBC. Moreover, recent attacks against RC4 and CBC also prompted us to make this change. ... Progress for OpenSSL! Here's hoping they also see the light and drop every other ciphersuite as fast as they can. We hope there will be even greater adoption of this cipher suite, and look forward to seeing other websites deprecate AES-SHA1 and RC4-SHA1 in favor of AES-GCM and ChaCha20-Poly1305 since they offer safer and faster alternatives. Close! 2 is s much closer to 1, it's even O(1). iang ps; obligatary toot: http://iang.org/ssl/h1_the_one_true_cipher_suite.html pps; Google, take your lead from Guus: ... It also *does not support any cipher suite negotiation*, instead it always uses a fixed suite (the current implementation[2] uses ECDHE-Curve25519-Chacha-Poly1305). The man! ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] OT: Speeding up and strengthening HTTPS connections for Chrome on Android
On Fri, Apr 25, 2014 at 5:36 PM, ianG i...@iang.org wrote: On 25/04/2014 22:14 pm, Jeffrey Walton wrote: Somewhat off-topic, but Google took ChaCha20/Poly1305 live. http://googleonlinesecurity.blogspot.com/2014/04/speeding-up-and-strengthening-https.html ... It also *does not support any cipher suite negotiation*, instead it always uses a fixed suite (the current implementation[2] uses ECDHE-Curve25519-Chacha-Poly1305). Where is this last bit quoted from? The full suite as (pictured) in the blog is: ecdhe_rsa_chacha20_poly1305. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography