Changes between Version 21 and Version 22 of OneHundredYearCryptography


Ignore:
Timestamp:
2012-09-25T18:06:40Z (12 years ago)
Author:
zooko
Comment:

add link to measurements of performance.

Legend:

Unmodified
Added
Removed
Modified

  • OneHundredYearCryptography

    v21 v22  
    1212
    1313Open questions:
    14   * Should we use AES-128, AES-192, or AES-256? //Zooko says: I guess it is worth the added CPU cycles to use AES-256. The added CPU cycles on ARM, according to bench.cr.yp.to, is about 40 cycles per byte for AES-256 compared to about 28 cycles per byte for AES-128. See recent attacks on AES-128: http://eprint.iacr.org/2011/449 //
     14  * Should we use AES-128, AES-192, or AES-256? //Zooko says: I guess it is worth the added CPU cycles to use AES-256. The added CPU cycles on ARM, according to bench.cr.yp.to, is about 40 cycles per byte for AES-256 compared to about 28 cycles per byte for AES-128. See recent attacks on AES-128: http://eprint.iacr.org/2011/449 // Here are measurements of performance: https://tahoe-lafs.org/trac/pycryptopp/ticket/46#comment:13
    1515  * What KDF is used to generate the keys/IVs? //Zooko says: per [http://tahoe-lafs.org/pipermail/tahoe-dev/2010-June/004424.html this mailing list thread] HKDF might be a good choice for KDF.//
    1616  * Samuel Neves had an alternate proposal for encryption to use the same or similar mechanisms as we use for hashing: [http://tahoe-lafs.org/pipermail/tahoe-dev/2010-June/004487.html Samuel Neves proposal]. //Zooko says: Samuel Neves's hash-based encryption proposal could be used in addition to AES and XSalsa20, or in place of XSalsa20.//