2007-11-06 08:34:27
On Tue, Nov 06, 2007 at 09:47:56AM -0500, Derek Atkins wrote:

> That's an unfair comparison.  AES is going to be slower than RC4 on
> all hardware.  That's not the question you need to be asking.  The
> question is whether AES is "fast enough" for your application on your
> hardware.  I.e., can AES give you enough throughput on your hardware
> to get your data?

No, it is not. A single block operation takes almost half a second on
NOKIA 3410, which means that encrypting a simple text message takes seconds,
which is not nice from a user experience PoV.

> Go ahead, but we've discussed ArcFour previously and decided it was
> too dangerous and didn't fit into the CFB cipher context modes.

I don't think it is dangerous if done properly, but it definitely does not
fit into CFB cipher context mode (which, by the way, is another thing that
is worth considering for retirement).

> The problem is that the vast majority of developers don't know how to
> use it properly, and it's VERY easy to get wrong.  There's just too
> many ways to shoot yourself in the foot, such as reusing keystream,
> or not throwing away the beginning of the keystream.

It should be well defined in the spec and it will be.

> I'd leave it up to the WG about whether we want to retire CFB mode,
> I don't have a feel for any consensus on that.

I think that at least it would be nice to have an alternative.
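Added illustration (not code from this thread or from any WG draft): a minimal RC4 in Python that makes the two foot-guns named above concrete. `drop` discards the first n keystream bytes, and `keystream_reuse_leaks` shows that encrypting two messages under one key with the same keystream lets the keystream cancel out, so c1 XOR c2 equals m1 XOR m2. The per-message key derivation via SHA-256 over key and nonce is an assumed mitigation pattern, not a spec'd one.

```python
import hashlib

def rc4_keystream(key: bytes, drop: int = 0):
    """Yield RC4 keystream bytes; the first `drop` bytes are discarded (RC4-drop[n])."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling (KSA)
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = produced = 0
    while True:                                # keystream generation (PRGA)
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        k = S[(S[i] + S[j]) & 0xFF]
        produced += 1
        if produced > drop:                    # skip the early, biased bytes
            yield k

def rc4_crypt(key: bytes, data: bytes, drop: int = 0) -> bytes:
    """XOR data with the keystream; the same call encrypts and decrypts."""
    ks = rc4_keystream(key, drop)
    return bytes(b ^ next(ks) for b in data)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_reuse_leaks(key: bytes, m1: bytes, m2: bytes) -> bool:
    """Pitfall 1: same key, no nonce -> c1 ^ c2 == m1 ^ m2 (keystream cancels)."""
    c1 = rc4_crypt(key, m1)
    c2 = rc4_crypt(key, m2)
    return xor_bytes(c1, c2) == xor_bytes(m1, m2)

def per_message_key(key: bytes, nonce: bytes) -> bytes:
    """Assumed mitigation: derive a distinct key per message so keystreams differ."""
    return hashlib.sha256(key + nonce).digest()

def fresh_keys_do_not_leak(key: bytes, m1: bytes, m2: bytes) -> bool:
    """With distinct per-message keys the XOR relation no longer holds."""
    c1 = rc4_crypt(per_message_key(key, b"\x00"), m1, drop=256)
    c2 = rc4_crypt(per_message_key(key, b"\x01"), m2, drop=256)
    return xor_bytes(c1, c2) != xor_bytes(m1, m2)
```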


