On Tue, Mar 4, 2014 at 2:40 PM, Niels Möller nisse@lysator.liu.se wrote:
Does anyone else know of use or interest in 128-bit chacha keys? It would definitely make things a bit simpler if we can omit support for 128-bit keys. (And if we skip it now, we could of course reintroduce it later if it turns out to be needed).
For now, I've deleted the support for 128-bit chacha keys. And replaced the "chacha256_" prefixes by "chacha_". Not sure what to do about 96-bit nonces. I think I'll leave that for now, and maybe introduce a chacha_set_xnonce later in case both nonce-sizes needs to be supported.
It has not been approved yet, but the latest TLS proposal for chacha is with 96-bit nonces and there is no plan to change. So at least for gnutls only the 96-bit nonce version is relevant.
regards, Nikos