[noise] [ANNOUNCE] WireGuard Launched!

Brian Smith brian at briansmith.org
Tue Jun 28 10:25:52 PDT 2016

Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> I'm excited to hear your feedback, and to work with you in ironing out
> any issues that come up, fine tuning performance, and so forth.

The main question I have is whether choosing BLAKE2 + ChaCha20 +
Poly1305 is the best choice of a "one true cipher suite."

If one were to implement the same protocol using SHA-256 + AES-256-GCM
instead, then wouldn't the performance be much better on Skylake+ and
ARMv8+? I understand that SHA-256 + AES-256-GCM would be slower and
more difficult to implement for older hardware.

I think this is the problem that lots of potential users of Noise
have: choosing between BLAKE2 + ChaCha20 + Poly1305, which are
optimized for less-capable CPUs, and SHA-256 + AES-256-GCM, for which
newer CPUs are being optimized.


More information about the Noise mailing list