8e07b51739
Benefits:

- larger seeds -- a 128-bit key alone is not enough for `128-bit security'
- better resistance to timing side channels than AES
- a better-understood security story (https://eprint.iacr.org/2018/349)
- no loss in compliance with US government standards that nobody ever
  got fired for choosing, at least in the US-dominated western world
- no dirty endianness tricks
- self-tests

Drawbacks:

- performance hit: throughput is reduced to about 1/3 in naive measurements
  => possible to mitigate by using hardware SHA-256 instructions
  => all you really need is 32 bytes to seed a userland PRNG anyway
  => if we just used ChaCha this would go away...

XXX pullup-7
XXX pullup-8
XXX pullup-9
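Added worked example, not code from this commit or from NetBSD's sys/crypto/nist_hash_drbg: a minimal Hash_DRBG over SHA-256 as specified in NIST SP 800-90A (Hash_df, instantiate, reseed, generate). It makes the first benefit in the message concrete: the SHA-256 instance keeps a 440-bit V plus a 440-bit C of internal state, seeded from the full entropy input rather than a 128-bit AES key. The entropy input and nonce below are constructed constants, not real entropy, and the `reseed_interval` constructor argument is an assumption of this example so the reseed-required path can be exercised.

```python
import hashlib

OUTLEN = 32                   # SHA-256 output length in bytes
SEEDLEN_BITS = 440            # SP 800-90A Table 2, seedlen for SHA-256
SEEDLEN = SEEDLEN_BITS // 8   # 55 bytes of V (and 55 bytes of C)


def _hash(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hash_df(input_string: bytes, no_of_bits: int) -> bytes:
    """Hash_df (SP 800-90A 10.3.1): derive no_of_bits from input_string.

    Each block hashes counter || no_of_bits (32-bit big-endian) || input.
    """
    no_of_bytes = (no_of_bits + 7) // 8
    temp = b""
    counter = 1
    while len(temp) < no_of_bytes:
        temp += _hash(bytes([counter]) + no_of_bits.to_bytes(4, "big") + input_string)
        counter += 1
    return temp[:no_of_bytes]


class HashDRBG:
    """Hash_DRBG with SHA-256 (SP 800-90A 10.1.1), no prediction resistance."""

    def __init__(self, entropy_input: bytes, nonce: bytes,
                 personalization: bytes = b"", reseed_interval: int = 1 << 48):
        # Instantiate: seed = Hash_df(entropy || nonce || pers), V = seed,
        # C = Hash_df(0x00 || V). Both V and C are seedlen bits long.
        seed_material = entropy_input + nonce + personalization
        self.V = hash_df(seed_material, SEEDLEN_BITS)
        self.C = hash_df(b"\x00" + self.V, SEEDLEN_BITS)
        self.reseed_counter = 1
        self.reseed_interval = reseed_interval  # example-only knob (spec max is 2**48)

    def reseed(self, entropy_input: bytes, additional_input: bytes = b"") -> None:
        # Reseed: seed_material = 0x01 || V || entropy || additional_input
        seed_material = b"\x01" + self.V + entropy_input + additional_input
        self.V = hash_df(seed_material, SEEDLEN_BITS)
        self.C = hash_df(b"\x00" + self.V, SEEDLEN_BITS)
        self.reseed_counter = 1

    @staticmethod
    def _add(*parts) -> bytes:
        # Addition modulo 2**seedlen over byte strings and integers.
        total = sum(int.from_bytes(p, "big") if isinstance(p, bytes) else p
                    for p in parts)
        return (total % (1 << SEEDLEN_BITS)).to_bytes(SEEDLEN, "big")

    def _hashgen(self, nbytes: int) -> bytes:
        # Hashgen: hash successive increments of V, concatenate, truncate.
        data = self.V
        out = b""
        while len(out) < nbytes:
            out += _hash(data)
            data = self._add(data, 1)
        return out[:nbytes]

    def generate(self, nbytes: int, additional_input: bytes = b"") -> bytes:
        if self.reseed_counter > self.reseed_interval:
            raise RuntimeError("reseed required")
        if additional_input:
            w = _hash(b"\x02" + self.V + additional_input)
            self.V = self._add(self.V, w)
        out = self._hashgen(nbytes)
        # State update: V = V + Hash(0x03 || V) + C + reseed_counter mod 2**seedlen
        H = _hash(b"\x03" + self.V)
        self.V = self._add(self.V, H, self.C, self.reseed_counter)
        self.reseed_counter += 1
        return out


if __name__ == "__main__":
    # Constructed inputs for illustration only; never seed a real DRBG like this.
    entropy = bytes(range(32))
    nonce = bytes(range(16))
    drbg = HashDRBG(entropy, nonce, personalization=b"example")
    print("V is", len(drbg.V) * 8, "bits, C is", len(drbg.C) * 8, "bits")
    print(drbg.generate(32).hex())
    print(drbg.generate(32).hex())
```

Every output block costs one SHA-256 per 32 bytes plus one extra compression for the state update, which is where the roughly 3x throughput drop versus CTR_DRBG with AES comes from; the code also shows why the `XXX` note about only needing 32 bytes to seed a userland PRNG matters, since a single `generate(32)` call is one Hashgen iteration plus the update.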
| Name |
|---|
| .. |
| arc4 |
| blowfish |
| camellia |
| cast128 |
| cprng_fast |
| des |
| nist_hash_drbg |
| rijndael |
| skipjack |