ietf-openpgp

Re: Next Steps

2007-11-06 08:08:58

nagydani(_at_)epointsystem(_dot_)org (Daniel A. Nagy) writes:

Hello

On Tue, Nov 06, 2007 at 08:36:23AM -0500, Derek Atkins wrote:

Have you actually tried using a block cipher like AES, or are you
basing this "may perform really poorly" only on guesswork?
Seriously...  AES was specifically designed to work well in small
systems like cell phones, have you actually tried it?

Yes, I have tried AES. It is still almost an order of magnitude slower than
RC4.

That's an unfair comparison.  AES is going to be slower than RC4 on
all hardware.  That's not the question you need to be asking.  The
question is whether AES is "fast enough" for your application on your
hardware.  I.e., can AES give you enough throughput on your hardware
to get your data?

Go ahead, but we've discussed ArcFour previously and decided it was
too dangerous and didn't fit into the CFB cipher context modes. 

I don't think it is dangerous if done properly, but it definitely does not
fit into CFB cipher context mode (which, by the way, is another thing that
is worth considering for retirement).

The problem is that the vast majority of developers don't know how to
use it properly, and it's VERY easy to get wrong.  There are just too
many ways to shoot yourself in the foot, such as reusing keystream,
or not throwing away the beginning of the keystream.

I'd leave it up to the WG about whether we want to retire CFB mode,
I don't have a feel for any consensus on that.

-derek

-- 
       Derek Atkins                 617-623-3745
       derek(_at_)ihtfp(_dot_)com             www.ihtfp.com
       Computer and Internet Security Consultant
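
The two mistakes named in the message above (reusing keystream, not throwing away the beginning of the keystream), shown as an added example that is not part of the original post or of any OpenPGP implementation. It is a textbook RC4 in Python; the per-message key derivation via SHA-256, the nonce parameter, the drop count of 3072 and all sample messages are assumptions constructed for this illustration.

```python
import hashlib

def rc4_keystream(key: bytes, length: int, drop: int = 0) -> bytes:
    """Textbook RC4 keystream; `drop` discards the first `drop` bytes."""
    # Key-scheduling algorithm (KSA)
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    # Pseudo-random generation algorithm (PRGA)
    i = j = 0
    out = bytearray()
    for _ in range(drop + length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out[drop:])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_reused(key: bytes, plaintext: bytes) -> bytes:
    """Mistake: every message under `key` gets the identical keystream."""
    return xor(plaintext, rc4_keystream(key, len(plaintext)))

def encrypt_per_message(key: bytes, nonce: bytes, plaintext: bytes,
                        drop: int = 3072) -> bytes:
    """Assumed mitigation for this example: a fresh key per message from
    SHA-256(key || nonce), with the start of the keystream discarded.
    The nonce must never repeat under the same key."""
    msg_key = hashlib.sha256(key + nonce).digest()
    return xor(plaintext, rc4_keystream(msg_key, len(plaintext), drop))

def reuse_leaks(key: bytes, p1: bytes, p2: bytes) -> bool:
    """True when XOR of the two ciphertexts equals XOR of the plaintexts,
    i.e. the keystream cancelled out and the key protected nothing."""
    return xor(encrypt_reused(key, p1), encrypt_reused(key, p2)) == xor(p1, p2)

if __name__ == "__main__":
    key = b"constructed-demo-key"                    # constructed sample key
    p1, p2 = b"transfer 0100 EUR", b"transfer 9900 EUR"  # constructed messages
    print("keystream reuse leaks p1^p2:", reuse_leaks(key, p1, p2))
    c1 = encrypt_per_message(key, b"nonce-1", p1)
    c2 = encrypt_per_message(key, b"nonce-2", p2)
    print("per-message keys leak p1^p2:", xor(c1, c2) == xor(p1, p2))
```
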