Re: Next Steps

On Tue, Nov 06, 2007 at 09:47:56AM -0500, Derek Atkins wrote:

> That's an unfair comparrison.  AES is going to be slower than RC4 on
> all hardware.  That's not the question you need to be asking.  The
> question is whether AES is "fast enough" for your application on your
> hardware.  I.e., can AES give you enough throughput on your hardware
> to get your data?
No, it is not. A single block operation takes almost half a second on
NOKIA 3410, which means that encrypting a simple text message takes seconds,
which is not nice from a user experience PoV.
 
> > > Go ahead, but we've discussed ArcFour previously and decided it was
> > > too dangerous and didn't fit into the CFB cipher context modes. 
> > I don't think it is dangerous if done properly, but it definitely does not
> > fit into CFB cipher condext mode (which, by the way, is another thing that
> > is worth considering for retirement).
> The problem is that the vast majority of developers don't know how to
> use it properly, and it's VERY easy to get wrong.  There's just too
> many ways to shoot yourself in the foot, such as reusing keystream,
> or not thowing away the beginning of the keystream.
It should be well defined in the spec and it will be.

> I'd leave it up to the WG about whether we want to retire CFB mode,
> I don't have a feel for any consensus on that.
I think that at least it would be nice to have an alternative.

-- 
Daniel

signature.asc
Description: Digital signature