[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Counter Mode Security: Analysis and Recommendations

To: "'Paul Koning'" <pkoning@equallogic.com>, mcgrew@cisco.com
Subject: RE: Counter Mode Security: Analysis and Recommendations
From: Bob Doud <BDoud@hifn.com>
Date: Wed, 20 Nov 2002 16:37:57 -0800
Cc: tytso@mit.edu, paul.hoffman@vpnc.org, ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

> >>>>> "David" == David A Mcgrew <mcgrew@cisco.com> writes:
<snip>
> 
>  David> 4) is it acceptable to implement AES-192 or AES-256 and use
>  David> those ciphers for counter mode?  Or is it desirable to use
>  David> AES-128 for both CBC and counter mode?
> 
> I would hate to depend on AES-192 or above, since it's not clear to me
> how widely those will initialy be implemented in high speed silicon.
> 
> 	paul

And let's keep in mind that a fundamental reason that we're pursuing 
counter mode in the first place is for high-performance as systems 
move into the multi-Gigabit range.  (Parallelizing the crypto operations
across multiple engines with staggered counters.) It's safe to say that 
all hardware and software implementations will be noticably slower with 
AES-256 than with AES-128.

Bob

Follow-Ups:
- Re: Counter Mode Security: Analysis and Recommendations
  - From: "Theodore Ts'o" <tytso@mit.edu>
- RE: Counter Mode Security: Analysis and Recommendations
  - From: Alex Alten <Alten@attbi.com>

Prev by Date: RE: Counter Mode Security: Analysis and Recommendations
Next by Date: Re: Counter Mode Security: Analysis and Recommendations
Prev by thread: RE: Counter Mode Security: Analysis and Recommendations
Next by thread: Re: Counter Mode Security: Analysis and Recommendations
Index(es):
- Date
- Thread