Re: Counter Mode Security: Analysis and Recommendations
Ted,
I concur with your analysis re the storage requirements for this
attack, and how daunting they seem. This strikes me as the sort of
attack that I would protect against if it cost almost nothing, but as
we see, it does have a cost, e.g., in terms of extra storage for
additional per-SA state for the added bits, or in terms of using
bigger AES keys, with attendant increases in the number of rounds and
the key state size. Also there are costs to vendors in supporting the
additional key sizes and numbers of rounds. At a time when we are
trying to simplify IPsec and IKE, this seems to be heading in the
wrong direction.
Steve