Re: IVs, summary of discussion
Steve,
The table is a bit more complicated than your 4 entry matrix
might suggest. Assuming 64-bit wide encryption (OFB-64 or CBC or
CFB-64), the data rates are all the same for these modes. The only
advantage to OFB is the option to precompute key stream, but on a
single processor machine that may not be much of an advantage. Next,
one has to compare the computation speed for different integrity
algorithms, with one-way hashes being the most secure and least
efficient, CRCs being more efficient and less secure, and simple
checksums being the fastest and least secure. One could use a simple
checksum or CRC with CBC mode and get a certain level of protection,
or you could use a hash algorithm with OFB and get very high
protection. Among hash functions, MD4 is faster than MD5 which is
somewhat faster than SHS. When being used for integrity,
vs. non-repudiation or forwardable authentication, I suspect even MD4
is quite adequate. I'd like to hear from Stu Stubblebine about the
relative vulnerability of a longitudinal parity check or a CRC with
CBC mode, to get a better feeling for how hard it is to modify
ciphertext undetectably. (Of course, CRCs and LPCs tend to be shorter
than one-way hash functions, so there is already a different level of
security there, but one could truncate the hash value to save
transmission space and make the comparison simpler.) Finally, there
is the approach I suggested in a recent message, which relies on the
existing TCP checksum and calls for a mode like CBC, to take advantage
of existing integrity check processing and space, but with a fixed
(and not so great) integrity algorithm with a limited size. So, the
comparison is a fairly complex one.
Steve
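
Added example, not part of Steve's message: a comparison of a CRC against a one-way hash truncated to the same 32 bits, both appended to the plaintext and encrypted under a key-stream mode, showing that a ciphertext change can be compensated in the CRC without the key but not in the hash. Assumptions: a SHA-256 counter construction stands in for the OFB key stream, CRC-32 comes from zlib, SHA-1 stands in for SHS, and all function names are hypothetical; it covers the key-stream case only, not CBC.

```python
import hashlib
import zlib

TAG_LEN = 4  # both tags are 32 bits, so only the algorithm differs

def keystream(key: bytes, n: int) -> bytes:
    # Assumption: SHA-256 in counter mode stands in for an OFB-64 key stream.
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crc_tag(msg: bytes) -> bytes:
    return zlib.crc32(msg).to_bytes(TAG_LEN, "big")

def hash_tag(msg: bytes) -> bytes:
    # One-way hash truncated to the CRC's length, as the message suggests.
    return hashlib.sha1(msg).digest()[:TAG_LEN]

def seal(key, msg, tag):
    body = msg + tag(msg)
    return xor(body, keystream(key, len(body)))

def unseal(key, ct, tag):
    body = xor(ct, keystream(key, len(ct)))
    msg, got = body[:-TAG_LEN], body[-TAG_LEN:]
    return msg if tag(msg) == got else None  # None means the check failed

def crc_compensated_change(ct: bytes, delta: bytes) -> bytes:
    # CRC-32 is affine over XOR: crc(m ^ d) = crc(m) ^ crc(d) ^ crc(0...0),
    # so the tag change depends only on delta, not on the key or plaintext.
    tag_delta = xor(crc_tag(delta), crc_tag(bytes(len(delta))))
    return xor(ct, delta + tag_delta)

def demo():
    key = b"constructed demo key"
    msg = b"PAY 0100 TO BOB "            # constructed sample message
    delta = bytearray(len(msg))
    delta[4] = ord("0") ^ ord("9")       # alter one character position
    results = {}
    for name, tag in (("crc", crc_tag), ("hash", hash_tag)):
        changed = crc_compensated_change(seal(key, msg, tag), bytes(delta))
        results[name] = unseal(key, changed, tag)
    return results

if __name__ == "__main__":
    print(demo())
```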