[cryptography] 100 Gbps line rate encryption

Peter Maxwell peter at allicient.co.uk
Wed Jul 17 12:38:56 EDT 2013


On 17 July 2013 08:50, William Allen Simpson <
william.allen.simpson at gmail.com> wrote:

>
>
>  In summary, don't use RC4. Don't use it carelessly with IVs. And don't
>> use RC4.
>>
>>  RC4 is available in many libraries and platforms.  For the
> immediate future, it is most easily and likely implemented.
>
> We need something yesterday, not next year.
>

So is Salsa20, for that matter you have optimised versions available in
NaCl, etc.



>
> So, that's one of the options being explored.  All I'm
> trying to cover is doing it as securely as possible.
>

Then RC4 is not the way to go, especially when you're starting off with
anything standardisation shaped.




>
> (As I've some experience with this, you can rest assured
> that I've a fair understanding of IVs and other mechanics.)
>


>  Consider using Salsa20 instead.
>>
>>  It would be helpful for folks to read the entire thread
> before making off the wall comments.
>
> Yes, folks have mentioned Salsa20.  It doesn't seem as
> amenable to PPP packets as I would like.  But as I was
> looking at it, is seemed he'd moved on to ChaCha.  I'm
> behind the times on this....
>

You're rekeying RC4 every packet and having to construct an do-it-yourself
IV scheme, that doesn't seem particularly amenable to begin with.



>
> So, let's talk about what to choose for something fast and
> "modern" to implement in the next decade....  We cannot
> recommend a dozen EU possibilities.  We need something
> that's already had some significant analysis.  Salsa20 or
> ChaCha?  Discuss.


Salsa20, you can choose one of the faster variants.

If you're not wanting encryption for appearances sake - and your phrase
"securely as possible" above indicates that - you may also want to consider
a MAC... again these days you have easy(ish) options.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130717/83431393/attachment-0001.html>


More information about the cryptography mailing list