On Wed, Apr 23, 2014 at 09:16:33AM -0400, Thor Lancelot Simon wrote:
> On Wed, Apr 23, 2014 at 10:57:59AM +0200, Joerg Sonnenberger wrote:
> > On Tue, Apr 22, 2014 at 11:59:38PM -0400, Thor Lancelot Simon wrote:
> > > I believe ChaCha8 is suitable for our purpose: we were previously
> > > considering ciphers with, at most, 128-bit security, and even
> > > 6-round ChaCha has 139-bit strength against the best currently
> > > known attack (at present, there is no attack better than brute
> > > force on ChaCha8, and the best attack on ChaCha7 is 2^248).
> > > ChaCha8 appears to be somewhat faster than the old arc4
> > > implementation.
> >
> > Sounds wrong. When I measured Salsa20/8, it was ~3 times faster than
> > RC4. Code can be found at
> > http://www.netbsd.org/~joerg/arc4random_salsa.c.
>
> That's a libc implementation -- and were you calling it for 32 bits at a
> time, or bulk data?

I measured either case, extracting 32 bits at a time vs doing larger operations.

Joerg
