Re: CBC makes Implementations too Slow.

["Steven M. Bellovin" <smb@research.att.com>]

In message <00b001c16159$4987ba60$0300a8c0@payampardaz>, "mahdavi" writes:
>This is a multi-part message in MIME format.
>
>------=_NextPart_000_002E_01C16174.3E8E5360
>Content-Type: text/plain;
>	charset="windows-1256"
>Content-Transfer-Encoding: quoted-printable
>
>Hi Sirs.=20
>Hardware implementation of IPSEC is our activity.=20
>now we face with a problem about CBC mode.=20
>
>In software CBC makes no trouble for implementation but in hardware it =
>is another story.=20
>If CBC mode was not mandate, acheiving high speed cryptography was easy. =
>
>
>for example for 3des every block needs 48 pulses to be encrypted. ( 16 =
>round )
>
>This leads us to a Pipeline that can generate one encrypted block per =
>clock. but with CBC we can not reach to this speed. result of evry block =
>has an effective role in making next block.=20
>in another word feeding every block needs result of pervious block at =
>first.=20
>
>so our pipeline faces with terrible lack of efficiency.=20
>
>now how can we face with this problem.=20
>
>can any body shows us some guide lines?

This complaint is common for all sorts of encryption, not just IPsec.  
The Security Area has decided to wait for the forthcoming 
recommendations from NIST for new modes of operation that are 
specifically designed to address this problem.

		--Steve Bellovin, http://www.research.att.com/~smb
		Full text of "Firewalls" book now at http://www.wilyhacker.com

---

Follow-Ups:

• RE: CBC makes Implementations too Slow.
• From: "Khaja E. Ahmed" <khaja.ahmed@cavium.com>

---

• Prev by Date: ipsec configuration mib
• Next by Date: RE: Status of ID: IPsec Flow Monitoring MIB
• Prev by thread: CBC makes Implementations too Slow.
• Next by thread: RE: CBC makes Implementations too Slow.
• Index(es):
  • Main
  • Thread