Re: Next Steps (was Re: RFC 4880 on OpenPGP Message Format)

Hello

On Tue, Nov 06, 2007 at 08:36:23AM -0500, Derek Atkins wrote:

> Have you actually tried using a block cipher like AES, or are you
> basing this "may perform really poorly" only on guesswork?
> Seriously...  AES was specifically designed to work well in small
> systems like cell phones, have you actually tried it?
Yes, I have tried AES. It is still almost an order of magnitude slower than
RC4.
 
> I'd also suspect that any Public Key operations would take much more
> time, although it sounds like you aren't using that part of the spec
> at all.
Exactly.

> Go ahead, but we've discussed ArcFour previously and decided it was
> too dangerous and didn't fit into the CFB cipher context modes. 
I don't think it is dangerous if done properly, but it definitely does not
fit into CFB cipher condext mode (which, by the way, is another thing that
is worth considering for retirement).

Actually, I am leaning toward introducing a general stream cipher mode of
which block ciphers operated in CTR mode are a special case. CTR has much
nicer theoretical properties than CFB in the sense that security assumptions
for block ciphers imply certain security properties for the stream cipher.

> But
> please send in your specs so we can see them and others on the list
> can give their opinion.
Sure.

Cheers,

-- 
Daniel

signature.asc
Description: Digital signature