
RE: Counter Mode Security: Analysis and Recommendations



Alex,

Alex Alten wrote:
>
> Of course there's still the *minor* matter of the hash.  Unless I'm
> mistaken, this still requires linear sequential processing of the packet
> bytes.  Won't this disrupt the tidy flow of parallel blocks?

That's right.  In order to reap the implementation benefits of counter mode, you
need to have a MAC that can also be pipelined.  Unfortunately, none of the
standardized MACs have that property.  This is especially problematic because
counter mode should be run with a MAC (and in the current ESP draft, MUST be run
with a MAC).

David