Re: Using Salsa20 in a new protocol spec

Adam Ierymenko wrote:
On Aug 14, 3:55 pm, MTGAP <mtga...@xxxxxxxxx> wrote:
On Aug 14, 12:49 pm, Tom St Denis <t...@xxxxxxx> wrote:

On Aug 14, 1:42 pm, Adam Ierymenko <adam.ieryme...@xxxxxxxxx> wrote:
I am presently writing a new protocol spec and reference
implementation. Should I consider using Salsa20?
It is very fast, simple, easy to implement, portable, and seems to
have gotten good press. However, it is not finalized yet. Anyone
already using it? Is such an algorithm likely to get revised?
What's wrong with AES-CTR for a stream cipher?
Salsa20 kicks butt. That's what.

AES is much more standardized, of course. So it may be a better
choice. Like they said in Practical Cryptography, if you use AES and
someone breaks it, no one can blame you for using the government

I'll probably go with Salsa20. It's a private open source project, so
CYA is not an issue.

How do you figure that? If you implement something not approved by the government as "the" standard, then you're going to a donkey barbecue and they're going to chew on your ass.

It's also for protecting a network protocol
against naive DOS attacks and packet spoofing, so if someone finds a
way to break it with a 100000 node cluster in 2 weeks that really
isn't much of an issue either.

Just wondering if there were any potential issues with it being not
set in stone yet, but from what I've read it's pretty much the
finalist and isn't going to change. I did some more searching and
found that it was already in the Linux kernel too.

The big feature that attracts me to it is simplicity and endian-
neutrality, which means I don't need to worry about endian-ness for
portability. The fact that it's a stream cipher makes it easier to
code with too.