[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Two AES encryption modes?

To: Gregory@netscreen.com
Subject: RE: Two AES encryption modes?
From: Paul Koning <pkoning@equallogic.com>
Date: Thu, 25 Jul 2002 10:28:00 -0400
Cc: ipsec@lists.tislabs.com
References: <541402FFDC56DA499E7E13329ABFEA87060C6D@SARATOGA>
Sender: owner-ipsec@lists.tislabs.com

Excerpt of message (sent 24 July 2002) by Gregory Lebovitz:
> If AES-CTR comes to fruition quickly, can someone put forth an argument for
> continuing to use AES-CBC? 
> 
> (To clarify, I am not challenging us to drop AES-CBC, I just want to hear
> cryptographers explain why we would/would not need both).

Several possible reasons:

1. You have hardware that implements AES-CBC but not AES-CTR.
2. You want to use manual keying and therefore may send more than one
   packet with the same IV.  With CBC that doesn't compromise the
   confidentiality of the data; with counter mode it does.

In my view, #1 is a sufficient reason.

   paul

Follow-Ups:
- Re: Two AES encryption modes?
  - From: daw@mozart.cs.berkeley.edu (David Wagner)

References:
- RE: Two AES encryption modes?
  - From: Gregory Lebovitz <Gregory@netscreen.com>

Prev by Date: RE: Vendor Extensions
Next by Date: RE: Two AES encryption modes?
Prev by thread: RE: Two AES encryption modes?
Next by thread: Re: Two AES encryption modes?
Index(es):
- Date
- Thread