Re: [TLS] chacha to replace RC4 (was: Salsa vs. ChaCha)
Nikos Mavrogiannopoulos <nmav@redhat.com> Fri, 06 December 2013 15:57 UTC
Return-Path: <nmav@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B29E1AE035 for <tls@ietfa.amsl.com>; Fri, 6 Dec 2013 07:57:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.903
X-Spam-Level:
X-Spam-Status: No, score=-6.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6OExdhW2B2L6 for <tls@ietfa.amsl.com>; Fri, 6 Dec 2013 07:57:28 -0800 (PST)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by ietfa.amsl.com (Postfix) with ESMTP id 3102B1AE001 for <tls@ietf.org>; Fri, 6 Dec 2013 07:57:28 -0800 (PST)
Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id rB6FvMZm002082 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 6 Dec 2013 10:57:23 -0500
Received: from [10.34.2.127] (dhcp-2-127.brq.redhat.com [10.34.2.127]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id rB6FvKAY028053 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 6 Dec 2013 10:57:21 -0500
Message-ID: <1386345440.29004.2.camel@dhcp-2-127.brq.redhat.com>
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: Nick Mathewson <nickm@torproject.org>
Date: Fri, 06 Dec 2013 16:57:20 +0100
In-Reply-To: <CAKDKvuw0EKJpbGxOmGGUHK3m0fOy43wwCLh3ZO-a06xrK2Mebg@mail.gmail.com>
References: <CAM_a8JzY8VGq+N-5YbDk_3EdXkKJzof1BtUTVY8pJev2HZ9U6g@mail.gmail.com> <1384850165.2542.13.camel@dhcp-2-127.brq.redhat.com> <5296C6D7.2040509@dei.uc.pt> <1386332388.3430.22.camel@dhcp-2-127.brq.redhat.com> <CABqy+spiBPaGrk7ipeWvC2Z_B=MeDVZAmmEbXL-Pa2Lf-6UA2Q@mail.gmail.com> <1386336151.3430.34.camel@dhcp-2-127.brq.redhat.com> <CAKDKvuw0EKJpbGxOmGGUHK3m0fOy43wwCLh3ZO-a06xrK2Mebg@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] chacha to replace RC4 (was: Salsa vs. ChaCha)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Dec 2013 15:57:30 -0000
On Fri, 2013-12-06 at 10:21 -0500, Nick Mathewson wrote: > The issue is that most implementations (all the ones I've seen, > actually, and Robert has probably looked at more than I have) have an > interface where you specify the number of bytes of output up front, > and generate. They do not have an incremental "generate the next N > bytes of the stream" function. > > That said, it's pretty trivial to adopt _any_ of the implementations > I've seen so that they would run incrementally; it's not a difficult > programming problem. You'd need to add 512 bits of memory overhead > for each chacha instance, and you'd take a little performance overhead > from the bookkeeping, but that's not a huge deal. I also think so. > And *that* said, it's also trivial to avoid the need to make any such > change, by taking the strategy Adam's draft does, and using a > different nonce for each record. A different nonce for each record is mandatory if chacha or salsa20 are to be used with DTLS. This has been the case from the first draft we had in salsa20. So I think the previous comment is not applicable to the draft I posted. regards, Nikos
- [TLS] Salsa vs. ChaCha Zooko Wilcox-OHearn
- Re: [TLS] Salsa vs. ChaCha Nikos Mavrogiannopoulos
- Re: [TLS] Salsa vs. ChaCha Samuel Neves
- Re: [TLS] Salsa vs. ChaCha Nikos Mavrogiannopoulos
- [TLS] chacha to replace RC4 (was: Salsa vs. ChaCh… Nikos Mavrogiannopoulos
- Re: [TLS] chacha to replace RC4 (was: Salsa vs. C… Robert Ransom
- Re: [TLS] chacha to replace RC4 (was: Salsa vs. C… Nikos Mavrogiannopoulos
- Re: [TLS] chacha to replace RC4 (was: Salsa vs. C… Nikos Mavrogiannopoulos
- Re: [TLS] chacha to replace RC4 (was: Salsa vs. C… Nick Mathewson
- Re: [TLS] chacha to replace RC4 (was: Salsa vs. C… Nikos Mavrogiannopoulos
- Re: [TLS] chacha to replace RC4 (was: Salsa vs. C… Robert Ransom
- Re: [TLS] chacha to replace RC4 Manuel Pégourié-Gonnard
- Re: [TLS] chacha to replace RC4 (was: Salsa vs. C… Samuel Neves
- Re: [TLS] chacha to replace RC4 (was: Salsa vs. C… Brian Smith
- Re: [TLS] chacha to replace RC4 (was: Salsa vs. C… Nikos Mavrogiannopoulos