[cryptography] 100 Gbps line rate encryption

Peter Maxwell peter at allicient.co.uk
Wed Jul 17 12:38:56 EDT 2013

On 17 July 2013 08:50, William Allen Simpson <
william.allen.simpson at gmail.com> wrote:

>  In summary, don't use RC4. Don't use it carelessly with IVs. And don't
>> use RC4.
>>  RC4 is available in many libraries and platforms.  For the
> immediate future, it is most easily and likely implemented.
> We need something yesterday, not next year.

So is Salsa20, for that matter you have optimised versions available in
NaCl, etc.

> So, that's one of the options being explored.  All I'm
> trying to cover is doing it as securely as possible.

Then RC4 is not the way to go, especially when you're starting off with
anything standardisation shaped.

> (As I've some experience with this, you can rest assured
> that I've a fair understanding of IVs and other mechanics.)

>  Consider using Salsa20 instead.
>>  It would be helpful for folks to read the entire thread
> before making off the wall comments.
> Yes, folks have mentioned Salsa20.  It doesn't seem as
> amenable to PPP packets as I would like.  But as I was
> looking at it, is seemed he'd moved on to ChaCha.  I'm
> behind the times on this....

You're rekeying RC4 every packet and having to construct an do-it-yourself
IV scheme, that doesn't seem particularly amenable to begin with.

> So, let's talk about what to choose for something fast and
> "modern" to implement in the next decade....  We cannot
> recommend a dozen EU possibilities.  We need something
> that's already had some significant analysis.  Salsa20 or
> ChaCha?  Discuss.

Salsa20, you can choose one of the faster variants.

If you're not wanting encryption for appearances sake - and your phrase
"securely as possible" above indicates that - you may also want to consider
a MAC... again these days you have easy(ish) options.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130717/83431393/attachment-0001.html>

More information about the cryptography mailing list