Re: draft-ietf-ipsec-ciph-aes-ctr-00.txt

[Stephen Kent <kent@bbn.com>]

At 3:23 PM -0400 8/24/02, Michael Richardson wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>
>>>>>>  "Alex" == Alex Alten <Alten@attbi.com> writes:
>     >> Anyone who *needs* AES-CTR mode, likely needs it because they have
>     >> >1Gb/s links they want to secure. As such, I think that they have the
>     >> bandwidth not to care.
>
>     Alex> Micahael,
>
>     Alex> Are you implying that AES-CTR on a modern Intel CPU can handle more
>     Alex> than 1 Gb/s Ethernet?  Is this because the IV stays in L1 cache?
>
>   I'm not making any claim about hardware or software implementations.
>My understanding is that AES-CTR mode is implemented more cheaply
>than AES-CBC mode. Whether this is hardware or software is simply a question
>of what year it is.
>

I don't think we can say that CTR mode is easier to implement in 
software than CBC mode. CTR mode probably isn't any faster than CBC, 
in general, in software, since software can't generally take 
advantage of the pipelining or parallelism.

Steve