Re: draft-ietf-ipsec-ciph-aes-ctr-00.txt

"Housley, Russ" <rhousley@rsasecurity.com> Thu, 29 August 2002 01:28 UTC

From: "Housley, Russ" <rhousley@rsasecurity.com>
To: "The Purple Streak, Hilarie Orman" <ho@alum.mit.edu>
Cc: ipsec@lists.tislabs.com
Message-Id: <5.1.0.14.2.20020828203948.0352cf40@exna07.securitydynamics.com>
Date: Wed, 28 Aug 2002 20:41:48 -0400
Subject: Re: draft-ietf-ipsec-ciph-aes-ctr-00.txt

Hilarie:

Some people that have done implementations tell me otherwise.  Since I do 
not have firsthand experience, I will let them speak for themselves (if 
they are on this list).

Russ

At 09:55 PM 8/27/2002 -0600, The Purple Streak, Hilarie Orman wrote:
>AES decryption isn't all that different from encryption; the algorithm
>has only a minor difference and the rest is in tables.  Shouldn't
>really make any noticeable difference in code size or development time.
>
>Hilarie
>
>In due time, on Tue, 27 Aug 2002 at 16:56:59 -0400 Housley, Russ
>asserted:
>
> >  Steve:
>
> >  I disagree.  AES-CTR only uses the AES encrypt operation for both packet
> >  encryption and decryption.  Since AES encrypt and AES decrypt are quite
> >  different, unlike DES where they were nearly identical, there can be a
> >  considerable savings in code size and development time for AES-CTR since
> >  AES-CBC used both AES encrypt and decrypt operations.
>
> >  Russ
>
> >  At 08:40 AM 8/26/2002 -0400, Stephen Kent wrote:
> >  >At 3:23 PM -0400 8/24/02, Michael Richardson wrote:
> >  >>-----BEGIN PGP SIGNED MESSAGE-----
> >  >>
> >  >>
> >  >>>>>>>  "Alex" == Alex Alten <Alten@attbi.com> writes:
> >  >>     >> Anyone who *needs* AES-CTR mode, likely needs it because they have
> >  >>     >> >1Gb/s links they want to secure. As such, I think that they have the
> >  >>     >> bandwidth not to care.
> >  >>
> >  >>     Alex> Michael,
> >  >>
> >  >>     Alex> Are you implying that AES-CTR on a modern Intel CPU can handle more
> >  >>     Alex> than 1 Gb/s Ethernet?  Is this because the IV stays in L1 cache?
> >  >>
> >  >>   I'm not making any claim about hardware or software implementations.
> >  >>My understanding is that AES-CTR mode is implemented more cheaply
> >  >>than AES-CBC mode. Whether this is hardware or software is simply a question
> >  >>of what year it is.
> >  >
> >  >I don't think we can say that CTR mode is easier to implement in software
> >  >than CBC mode. CTR mode probably isn't any faster than CBC, in general, in
> >  >software, since software can't generally take advantage of the pipelining
> >  >or parallelism.
> >  >
> >  >Steve