Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update README.md #155

Merged
merged 1 commit into from
Aug 12, 2024
Merged

Update README.md #155

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -409,12 +409,12 @@ on most CPUs via AES-NI. But where hardware acceleration is not available `ChaCh
start
with the lower `4 bytes` set to `00 00 00 02`.
- `ChaCha20-Poly1305`: `ChaCha` has an internal counter (`32 bits` in the standardized IETF variant, `64 bits` in the
original design). Max message length is `2^39 - 256 bits`, about `256 GB`
- Neither algorithm is nonce misuse-resistant.
original design). Max message length is `2^39 - 256 bits`, about `256GB`
- Neither algorithm is **nonce misuse-resistant**.
- `ChaChaPoly1305` is better at `SIMD`

Conclusion: Both are good options. AES-GCM can be faster with hardware support, but pure-software implementations of
ChaCha20-Poly1305 are almost always fast and constant-time.
**Conclusion**: Both are good options. `AES-GCM` can be faster with **hardware support**, but **pure-software** implementations of
`ChaCha20-Poly1305` are almost always **fast** and **constant-time**.

# Security

Expand Down
Loading