|
|
|
|
|
|
by bpolverini
3869 days ago
|
|
|
Definitely right about that. The biggest reason was familiarity with the Skein NIST implementation--I've dug through it in the past in research and the like, so I wanted to leverage some experience there. We decided against just using crypto_secretbox from NaCl because it doesn't have a way for us to simply pause and resume to keep from blocking our UI thread on big files. We thought about trying to bolt ways into seeking into the stream output of crypto_stream, but that wasn't performing well. We went as far as trying to use crypto_secretbox in an Asm.js-ified WebWorker, but the performance hit was just too big, so we knew we had to find a way to "schedule" our encryption, otherwise our React.js app would crawl. The reason I passed on AES is far less justifiable, but important to me for aesthetic reasons: Using Skein just seemed like way more fun. Programming without whimsy is drudgery. My next blog post will cover some of these decisions and performance tradeoffs in more detail with some code. Since you mentioned it, I will add an AES-CTR implementation into the metrics so people can see. I'm curious myself to see how we stack up! |
|
|
You seem like you know what you're talking about but that last sentence is approximately the scariest thing any software developer working with crypto has ever said.