[noise] [ANNOUNCE] WireGuard Launched!
Brian Smith
brian at briansmith.org
Tue Jun 28 10:25:52 PDT 2016
Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> I'm excited to hear your feedback, and to work with you in ironing out
> any issues that come up, fine tuning performance, and so forth.
The main question I have is whether choosing BLAKE2 + ChaCha20 +
Poly1305 is the best choice of a "one true cipher suite."
If one were to implement the same protocol using SHA-256 + AES-256-GCM
instead, then wouldn't the performance be much better on Skylake+ and
ARMv8+? I understand that SHA-256 + AES-256-GCM would be slower and
more difficult to implement for older hardware.
I think this is the problem that lots of potential users of Noise
have: choosing between BLAKE2 + ChaCha20 + Poly1305, which are
optimized for less-capable CPUs, and SHA-256 + AES-256-GCM, for which
newer CPUs are being optimized.
Cheers,
Brian
--
https://briansmith.org/
More information about the Noise
mailing list