Which MAC (message authentication code) mechanism would be best suited for older devices like iPhones and Androids that lack AES (advanced encryption standard) hardware acceleration?

The best choice for older devices that lack AES hardware acceleration is Poly1305. Poly1305 is a message authentication code that is designed to be both fast and efficient in software implementations, making it particularly suitable for devices with limited processing power.

This makes Poly1305 a strong option when considering performance on older hardware since it does not rely on complex cryptographic operations that may be slow without hardware acceleration. It is specifically optimized for speed while maintaining a high level of security, which makes it ideal for scenarios where computational resources are constrained.

While HMAC is also a secure method for generating message authentication codes, it generally combines hash functions with a key, and its performance can vary depending on the underlying hash function used. In contrast, Poly1305 offers consistent performance, making it more favorable in situations like those presented in the question.

Choosing MD5 or SHA-256 would not be appropriate, as MD5 is considered weak in terms of security, having known vulnerabilities, and SHA-256, while secure, might not perform as efficiently on older devices without dedicated hardware support. Therefore, Poly1305 stands out as the optimal choice for message authentication in the context of older smartphones.