Security
Encryption
-
Consensus seems to be that XChaCha20 is the preferred
encryption1
algorithm because AES is vulnerable to timing attacks unless
done in hardware + AES-GCM has a foot gun in it’s
counter2
- ChaCha20 is what is used for Wireguard3 instead of AES because it’s more efficient on mobile/low-power devices[^chcha-efficient]
-
hn discussion on XChaChaPoly. Search for “GCM” on the page. ↩︎