by e4m2
776 days ago
This is a fair concern.

> Does anyone know more about the security of the 8-round form and whether we should be concerned?

This is the latest cryptanalysis I could find (see Table 2 and 3 for an overview): https://ieeexplore.ieee.org/document/10410840

We don't even have an attack against ChaCha8. While it is likely one will appear as cryptanalysis improves, it is far less likely such an attack will ever become practical.

But obviously, not everyone from within the cryptographic community would agree with JP Aumasson either. For example, DJB had this to say 1 year and 5 months before "Too Much Crypto" first appeared on the IACR ePrint archive: https://twitter.com/hashbreaker/status/1023969586696388613.

So in conclusion; somewhat inconclusive? Going by the results so far, ChaCha8 is probably fine.