[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Counter Mode Security: Analysis and Recommendations

To: Alex Alten <Alten@attbi.com>
Subject: RE: Counter Mode Security: Analysis and Recommendations
From: Stephen Kent <kent@bbn.com>
Date: Mon, 25 Nov 2002 11:47:14 -0500
Cc: Bob Doud <BDoud@hifn.com>, "'Paul Koning'" <pkoning@equallogic.com>, mcgrew@cisco.com, tytso@mit.edu, paul.hoffman@vpnc.org, ipsec@lists.tislabs.com
In-Reply-To: <3.0.3.32.20021123040402.017769c8@mail>
References: <3.0.3.32.20021123040402.017769c8@mail>
Sender: owner-ipsec@lists.tislabs.com

Alex,

><SNIP>
>Of course there's still the *minor* matter of the hash.  Unless I'm
>mistaken, this still requires linear sequential processing of the packet
>bytes.  Won't this disrupt the tidy flow of parallel blocks?
>
>Cost is still a factor. Let's say you drive it in total to $25 per chip
>today.  This is $125 retail + $50 for 1 Gbps Ethernet hardware. That's
>a tough sell.
>
>The really big win I see for AES-CTR is the fact you no longer need to add
>padding to the packet.  That simplifies life considerably for writing a
>software driver/filter.

The avoidance of padding for block fill is useful, but the raw 
performance of CTR mode is a very big attraction.  The integrity 
check is likely to be the limiting factor with CTR mode, but 
integrity algorithms are separate from encryption algorithms in most 
current uses.  Some combined modes make use of integrity algorithms 
are amenable to parallelism.

Steve

References:
- RE: Counter Mode Security: Analysis and Recommendations
  - From: Alex Alten <Alten@attbi.com>

Prev by Date: Protection against DoS attack
Next by Date: RE: SPD policy document/article
Prev by thread: RE: Counter Mode Security: Analysis and Recommendations
Next by thread: RE: Counter Mode Security: Analysis and Recommendations
Index(es):
- Date
- Thread