Hacker News new | comments | show | ask | jobs | submit login

Kind of surprised there is not a single word about AES-NI in there.

Both Intel and AMD now support it in modern server cpus.

You want to be using aes128-cbc to take advantage of it.


The bulk cipher isn't the bottleneck; it's the number theoretic crypto that kills performance. RC4 is already very fast. And prioritizing RC4 also mitigates some real-world security problems with legacy client software.

Author mentions this point briefly without saying "AES-NI" though.

<quote> On the contrary, AES can be very fast in software implementations, and even more if your CPU provides specific instructions for AES. </quote>

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact