Re: More on a second IPSec algorithm

[Paul Koning <pkoning@xedia.com>]

>>>>> "John" == John Shriver <jas@shiva.com> writes:

 John> Bill, your discussion is assuming people are doing cryptography
 John> in software.  (Well, you're not alone in that attitude, for
 John> sure.)  Lots of products do cryptography in hardware.  Can the
 John> average chip that can do DES and 3DES in hardware also do DESX?

No, but if you want to move away from the status quo there's not much
you can do about this.  Chips I've seen support either just DES, or
DES and 3DES, or DES, 3DES, RC4.

RC4 hasn't been mentioned in this entire discussion; the fact that
it's a stream cipher certainly explains that, and there may be
intellectual property issues as well.

So it seems that any required support for a block cipher other than
DES or 3DES means new hardware would be needed.

As a somewhat mitigating factor, most other ciphers are cheaper in
software, so the pain of doing without hardware assist is not quite as 
extreme.  That's not to say I'm happy about it, admittedly.

	paul

---

References:

• Re: More on a second IPSec algorithm
• From: William Allen Simpson <wsimpson@greendragon.com>
• Re: More on a second IPSec algorithm
• From: John Shriver <jas@shiva.com>

---

• Prev by Date: Re: new second mandatory IPsec cipher
• Next by Date: Re: starting on asking THE QUESTION
• Prev by thread: Re: More on a second IPSec algorithm
• Next by thread: Re: More on a second IPSec algorithm
• Index(es):
  • Main
  • Thread