[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Counter Mode Security: Analysis and Recommendations
> >>>>> "David" == David A Mcgrew <mcgrew@cisco.com> writes:
<snip>
>
> David> 4) is it acceptable to implement AES-192 or AES-256 and use
> David> those ciphers for counter mode? Or is it desirable to use
> David> AES-128 for both CBC and counter mode?
>
> I would hate to depend on AES-192 or above, since it's not clear to me
> how widely those will initialy be implemented in high speed silicon.
>
> paul
And let's keep in mind that a fundamental reason that we're pursuing
counter mode in the first place is for high-performance as systems
move into the multi-Gigabit range. (Parallelizing the crypto operations
across multiple engines with staggered counters.) It's safe to say that
all hardware and software implementations will be noticably slower with
AES-256 than with AES-128.
Bob