Hardware support for AES but not SHA2 is extremely common. For devices
without acceleration, ChaCha20-Poly1305 is likely to be faster than SHA256
(e.g. according to https://www.bearssl.org/speed.html).
Unless your device has hardware offload for SHA256 but _not_ for AES (a
rare combination), you
Hi,
I think we discussed this in a previous thread, but I’d prefer to keep this
part of the draft as is. Since IoT hardware is really diverse there are some
platforms where this would be a performance gain (and others where it is not).
We don’t make strong claims in this area in the draft so I
