From b2a4040023d421870d0e7076b30b2808c813a1f0 Mon Sep 17 00:00:00 2001
From: zooko <>
Date: Tue, 12 May 2009 22:01:34 +0000
Subject: [PATCH] update links, edit

[Imported from Trac: page Bibliography, version 37]
---
 Bibliography.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Bibliography.md b/Bibliography.md
index 0a08ee5..0ed94d9 100644
--- a/Bibliography.md
+++ b/Bibliography.md
@@ -9,7 +9,7 @@ Here are some papers that are potentially of interest.
 
 [Salsa20 Security Arguments](http://cr.yp.to/snuffle.html#security) why Salsa20 is probably safe against this and that threat
 
-[ChaChaCha20](http://cr.yp.to/chacha.html) even better stream cipher; It is probably slightly safer than Salsa and it is certainly slightly faster.
+[ChaChaCha20](http://cr.yp.to/chacha.html) even better stream cipher; It might be slightly safer than Salsa20 and it is certainly slightly faster on some platforms, but slightly slower on others.  However, the author of Salsa20 and [ChaChaCha](ChaChaCha)20, Daniel J. Bernstein, seems to have settled on using Salsa20 (or a tweak of it named XSalsa20), so probably that is the one to use.
 
 [EnRUPT](http://enrupt.com) a very simple, fast, and flexible primitive which could be used as stream cipher, secure hash function, or MAC (the first two are primitives that we currently need, and the third one -- MAC -- is a primitive that we may want in the future) and which relies for its security on a large number of rounds.  The question of how many rounds to use is decided by semi-automated cryptanalysis.  (Note: the SHA-3 candidate version of EnRUPT in stream hashing mode was insecure.  The current block cipher mode is insecure.  There is a minor change (use a few more rounds) which is thought to fix the stream hashing mode.  The author is apparently working on a fix for the block cipher mode.)
 
@@ -19,7 +19,7 @@ Here are some papers that are potentially of interest.
 
 ### Elliptic Curve Cryptography
 
-[ECC Brainpool Standard Curves and Curve Generation](http://tools.ietf.org/html/draft-lochter-pkix-brainpool-ecc-01) new elliptic curve parameters which come with a proof that they were generated deterministically and pseudorandomly from the first few bits of pi, as well as proofs that they are immune to certain other potential cryptographic weaknesses.
+[ECC Brainpool Standard Curves and Curve Generation](http://tools.ietf.org/html/draft-lochter-pkix-brainpool-ecc-03) new elliptic curve parameters which come with a proof that they were generated deterministically and pseudorandomly from the first few bits of pi, as well as proofs that they are immune to certain other potential cryptographic weaknesses.
 
 ### Secure Hash Functions