RE: Counter Mode Security: Analysis and Recommendations
Alex,
Alex Alten wrote:
>
> Of course there's still the *minor* matter of the hash. Unless I'm
> mistaken, this still requires linear sequential processing of the packet
> bytes. Won't this disrupt the tidy flow of parallel blocks?
That's right. In order to reap the implementation benefits of counter mode, you
need to have a MAC that can also be pipelined. Unfortunately, none of the
standardized MACs have that property. This is especially problematic because
counter mode should be run with a MAC (and in the current ESP draft, MUST be run
with a MAC).
David
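
The data dependency discussed in this message, as an added example that is not part of the original e-mail: counter-mode blocks can be computed independently and in any order, while a chained MAC must process blocks one after another. Assumptions: a truncated HMAC-SHA256 stands in for the block cipher, the CBC-MAC-style chain is shown only for its dependency structure, and all names and sample values are constructed.

```python
import hashlib
import hmac
from concurrent.futures import ThreadPoolExecutor

BLOCK = 16  # bytes per block

def prf(key, data):
    # Assumption: truncated HMAC-SHA256 stands in for the block cipher.
    return hmac.new(key, data, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split(msg):
    return [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)]

def ctr_block(key, nonce, i, block):
    # Keystream block i depends only on (key, nonce, i), never on other blocks.
    return xor(block, prf(key, nonce + i.to_bytes(4, "big")))

def ctr_sequential(key, nonce, msg):
    return b"".join(ctr_block(key, nonce, i, b) for i, b in enumerate(split(msg)))

def ctr_parallel(key, nonce, msg, workers=4):
    # Blocks are handed to a pool in any order; only the index matters.
    with ThreadPoolExecutor(workers) as pool:
        jobs = pool.map(lambda ib: ctr_block(key, nonce, *ib), enumerate(split(msg)))
        return b"".join(jobs)

def chained_mac(key, msg):
    # CBC-MAC-style chain: block i cannot start until block i-1 has finished.
    # Shows the data dependency only; not a MAC to deploy.
    state = bytes(BLOCK)
    for b in split(msg):
        state = prf(key, xor(state, b.ljust(BLOCK, b"\x00")))
    return state

# Constructed sample inputs.
KEY = bytes(range(16))
NONCE = b"\x00" * 12
PACKET = b"constructed sample packet payload, four blocks+ long.."

if __name__ == "__main__":
    ct = ctr_parallel(KEY, NONCE, PACKET)
    print(ct == ctr_sequential(KEY, NONCE, PACKET), chained_mac(KEY, ct).hex())
```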