Antoine Pitrou added the comment: > For any device that has hardware support for AES (AES-NI) AES-GCM is > hands down a better choice of cipher. It is secure, has no issues in > the spec itself, and it is *fast*, like 900MB/s for AES-128-GCM on a > Sandy Bridge Xeon w/ AES-NI (ChaCha20Poly1305 got 500MB/s on the same > hardware, however it is a 256bit cipher will AES-128-GCM is a 128 bit > cipher). Using ChaCha20 on those devices would be a worse choice than > AES-GCM.
I think performance isn't really relevant, except perhaps on very busy servers. A smartphone acting as a *client* certainly shouldn't need to download 20 MB/s of encrypted data. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue20995> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
