[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: More on a second IPSec algorithm

To: ipsec@lists.tislabs.com
Subject: Re: More on a second IPSec algorithm
From: Helger Lipmaa <helger@cyber.ee>
Date: Wed, 21 Jul 1999 07:42:21 +0300 (EET DST)
Sender: owner-ipsec@lists.tislabs.com

DES is ``not very secure'' and ``not very fast''. 3DES is ``secure'' but
``extremely slow''. Most of the other candidates are ruled out since they
are ``too new''.

May be we should select the most conservative AES candidate: Serpent. It
is DES-like, but has larger blocks (128), larger keys (up to 256 bits),
more secure S-boxes, more rounds (32!), and very conservative design.
Although Serpent has been critisised for slow troughput (the current best
(known) implementation on Pentium II (in C!) takes ~990 cycles per 128-bit
block, as opposed to ~340 cycles per OpenSSL implementations of DES (in
assembler)), it is still almost twice as fast than 3DES and most probably
also more secure. Note that the authors of Serpent (Ross Anderson, Eli
Biham and Lars Knudsen) had no attacks for 16-round Serpent but still
decided to double the number of rounds.

Serpent is patent-resistant. And faster implementations probably follow.

Helger

Prev by Date: Re: TCP checksum recalculation
Next by Date: Re: TCP checksum recalculation
Prev by thread: Re: More on a second IPSec algorithm
Next by thread: Re: your mail
Index(es):
- Main
- Thread