ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

something else for the pot - Galois/Counter Mode (GCM)

2008-04-27 13:04:55
from [David Crick] [Permanent Link] 

With talk of moving from our current "PGP"-CFB to CBC at
some "future" point (along with ECC, V5 keys, blah, blah),
what about considering GCM?

It's one of the NIST modes of operation, it's (according
to the authors) unencumbered by patents, plus will be
supported by a specific processor instruction from the
Intel Westmere (ETA 2009) CPUs onwards.  (Westmere
will also have "AES-NI" instructions, giving us hardware
speed and constant time execution round instructions.)

Plus (as a bonus ;)) GCM is only defined for 128-bit block
ciphers.  This would provide us with an authenticity that
would allow us to move away from our current *SHA1*
MDC.  Presumably it [GCM] wouldn't be selectable for
64-bit block ciphers, which would mirror when MDC was
only (by default?) for 128-bit ciphers (originally?).
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • something else for the pot - Galois/Counter Mode (GCM), David Crick <=
Previous by Date:  Re: I-D ACTION:draft-ietf-openpgp-camellia-03.txt, David Shaw
Next by Date:  ECC in OpenPGP -00.txt is posted as a draft, Andrey Jivsov
Previous by Thread:  {Blocked Content} I-D ACTION:draft-ietf-openpgp-camellia-03.txt, Internet-Drafts
Next by Thread:  ECC in OpenPGP -00.txt is posted as a draft, Andrey Jivsov
Indexes:  [Date] [Thread] [Top] [All Lists]