On Tue, Jul 16, 2013 at 03:23:01AM -0400, William Allen Simpson wrote:
> On 6/22/13 8:24 PM, Greg Rose wrote:
> >
> >On Jun 22, 2013, at 15:31 , James A. Donald <jam...@echeque.com> wrote:
> >
> >>On 2013-06-23 6:47 AM, Peter Maxwell wrote:
> >>>I think Bernstein's Salsa20 is faster and significantly more secure than
> >>>RC4, whether you'll be able to design hardware to run at line-speed is
> >>>somewhat more questionable though (would be interested to know if it's
> >>>possible right enough).
> >>
> >>I would be surprised if it is faster.
> >
> >Be surprised, then... almost all of the recent word- or block- oriented
> >stream ciphers are faster than RC4. And NOTHING should still be using RC4;
> >by today's standards it is quite insecure.
> >
> So I spent some (much too much) time reading old PPP archives on our
> earlier discussions selecting an algorithm. Sadly, 3DES was chosen,
> but rarely implemented.
>
> I cobbled together a draft based on old discussion for ARC4. It
> surely needs more work. Although (as you mention) that's old stuff,
> it has the advantage of having running code in most existing systems,
> and could be rolled out quickly on high speed connections.
>
> http://tools.ietf.org/html/draft-simpson-ppp-arc4-00

If you're really going to publish a new RFC -- even an Experimental
one -- using RC4, you should really use RC4-drop-N.

For even moderately sized packets and reasonable values of N, if you
effectively rekey every packet, you will end up wasting 25-50% of the
throughput of the system.

Conclusion: RC4 is particularly poorly suited for this application
in the modern day.

Thor
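
Added example, not part of the original message or of the draft it discusses: a minimal RC4-drop-N in Python with a step-count model of what per-packet rekeying costs. The drop counts, payload sizes, function names and the cost model (one key-schedule iteration counted the same as one output step) are assumptions chosen for illustration.

```python
# Added illustration: RC4-drop-N and the per-packet cost of rekeying.
# Drop counts, payload sizes and the cost model are assumptions, not from the thread.

def rc4_ksa(key: bytes) -> list:
    """Key scheduling: 256 swap iterations over the state array."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s

def rc4_drop_keystream(key: bytes, n_drop: int, length: int) -> bytes:
    """Return `length` keystream bytes after discarding the first `n_drop`."""
    s = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for step in range(n_drop + length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        if step >= n_drop:  # earlier steps still run; their output is thrown away
            out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def rc4_drop_crypt(key: bytes, n_drop: int, data: bytes) -> bytes:
    """Encrypt or decrypt (the same XOR operation) with RC4-drop-N."""
    ks = rc4_drop_keystream(key, n_drop, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def wasted_fraction(n_drop: int, payload_len: int, count_ksa: bool = False) -> float:
    """Share of cipher steps that yield no payload keystream when every
    packet gets a fresh key. Assumed cost model: one KSA iteration costs
    the same as one output step."""
    overhead = n_drop + (256 if count_ksa else 0)
    return overhead / (overhead + payload_len)

if __name__ == "__main__":
    # Constructed cases: assumed drop counts and payload sizes.
    for n_drop in (256, 768):
        for payload in (768, 1500):
            print(f"N={n_drop:4d} payload={payload:4d}B "
                  f"dropped-only={wasted_fraction(n_drop, payload):.1%} "
                  f"with-KSA={wasted_fraction(n_drop, payload, True):.1%}")
```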