and I am sure there will be benchmarks of this and all the other crypto types just as soon as the next kernel is released Michael

This is genuinely strange to me. Yes, I 100% agree with the suspicion behind Speck.

But then to rely on ....... GOOGLE?!? Google's entire offering, when taken in total - from their browser to analytics to phone OS to search to Google Home to Gmail and everything else they do. It all amounts to a singular surveillance platform - it's probably the most effective surveillance platform humanity has ever built.

Why? I'm genuinely curious. When the CIA wanted to build the SR-71, they didn't say "Hi, this is the CIA, we need a metric crap-ton of the purest grade titanium". No, they bought it covertly through shell corporations. Likewise, when Communist China wanted an air craft carrier, they bought a used one, covertly, via an "investor" who said he was building a tourist attraction.

If a secretive agency wants to slip compromised crypto into the kernel, they won't say "Hi, this is the Agency, here use this code we wrote". It's absurd to think that's the case here.

Agree 100%, with Facebook as a close 2nd.

Likewise with Huawei's many lines of kernel code, we've decided to trust the Chinese government too, apparently. What a joke.

this paragraph contains some redundancy i think :

There are lot of past examples of this, e.g.: https://en.wikipedia.org/wiki/Dual_EC_DRBG

Google may have privacy issues, but it is also interested in not having its systems compromised by third parties, and it has a history of doing good with crypto, an example is https://boringssl.googlesource.com/boringssl/ .

They are not relying on Google, Google is simply using already tested and proven crypto.

Why not? They will do all they can to get it in, if doing it as an official agency works better than trying to slip it in, then why not trying it?

also, paranoia about its authors and their intentions aside, Speck is *yet another different cipher*.
It hasn't received an as wide reviewing by 3rd party cryptographers (it was out since 2013)
even if there were no intentionnal back doors, risk is higher to eventually discover accidental ones down the line (compared to DJB's chacha20-poly1305 published in 2008 aready, which has been widely reviewed, including by google, including openssh authors, etc.)

speck also fails to show why it's relevant. regarding the low power ARM devices without a crypto coprocessing unit : chacha20-poly1305 covers already very well the low power segment, it's even been implemented on arduinos, on fricking microcontrollers.

on the other hand, google's adiantum - if you read between the line - is just some tweaking of chacha20-poly1305 to make it more suitable for mass storage encryption.
risks of google fucking it up are lower than if they introduce something entirely new from the ground up.
That doesn't mean that adiantum shouldn't be reviewed by numerous 3rd party specialist in crypto (google could still have fucked up their recommendations - see rounds reduction from 20 to 12), but it means that reviewing might go faster, and is likely to turn up as a recommendation.

TL;DR: go for the one that has had 5 more years to get reviewed and already covers your needs, rather than the newer one from the spooky guys.

Exactly. https://freedom-to-tinker.com/2013/1...tempt-of-2003/