Hi! I know I'm not the first bringing this up, but almost 6 years have passed since that thread was created. What's the case against AES-GCM at this point? I wrote a PoC and a simple benchmark (it's in the PR), and the results on my Ryzen 5900X reveal a significant performance improvement:
I tried tampering with the version, IV, salt, ciphertext, and authentication tag, and got similar results. I.e., it's still faster to attempt to decrypt the ciphertext than to HMAC the message.
Is there interest in a new encryption envelope? I know that this is a highly sensitive part of this library.