karel-m

I do not use `LTC_CLEAN_STACK` in my builds. Approach 2 is fine.

Basically fine. I am just thinking about having: ``` aes_autodetect_desc ``` on top of: ``` aesni_desc aes_desc ``` I have to think it over.

Or even: ``` aesni_desc (new AES-NI) aessw_desc (old SW implementation aes_desc renamed to aessw_desc) aes_desc (aes with runtime autodetection of aessw/aesni variant) ``` With this all calls like `find_cipher("aes")` (we...

IMO the only tool in "release quality" is `hashsum` and it is the only candidate worth installing. I am in doubts whether anybody will ever use `make install_demos`. The `ltcrypt`...

Does this enable implementation of AES-GCM-SIV? https://tools.ietf.org/html/draft-irtf-cfrg-gcmsiv-06

Just FYI - there is a bunch of `AES-GCM-SIV` test vectors in wycheproof test suite (look for `aes_gcm_siv_test.json`).

Now exists as RFC8452 (April 2019): * AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption * https://tools.ietf.org/html/rfc8452

@DonaldTsang I think we should aim at features available in modern crypto libraries like libsodium which is IMO what "cool kids" tend to use nowadays. If you have some spare...

ping @buggywhip ^^

> Due to salsa20_ivctr64(), extension would ... As `salsa20` was not released yet (it is only in `develop` branch) we can still change its API if needed - e.g. incorporating...