3 comments

[ 0.14 ms ] story [ 13.0 ms ] thread
It does feel a bit scary being this far on the bleeding edge of adoption of cryptography (since people tend to be really conservative), but since the alternative is known to be bad (RC4...), there really isn't much choice.

Thank you Google for everything you've done on this; Android and Chrome are doing a lot for Internet security.

When Rijndael was chosen as AES, it was ~3 years old and was broken for 6-7 rounds out of 10 with 128 bit keys, and 7-8 rounds out of 14 with 256 bit keys. Chacha20 is 7 years old now and is broken for 7 rounds out of 20, with the attacks on BLAKE/BLAKE2 holding up that margin. You should be very comfortable with Chacha20!
Thank you also to djb for designing the salsa20 family & poly1305.

And kudos to Cloudflare for pushing the envelope in this regard!