something else for the pot - Galois/Counter Mode (GCM)

2008-04-27 13:04:55

With talk of moving from our current "PGP"-CFB to CBC at
some "future" point (along with ECC, V5 keys, blah, blah),
what about considering GCM?

It's one of the NIST modes of operation, it's (according
to the authors) unencumbered by patents, plus it will be
supported by a specific processor instruction from the
Intel Westmere (ETA 2009) CPUs onwards.  (Westmere
will also have "AES-NI" instructions, giving us hardware
speed and constant time execution round instructions.)

Plus (as a bonus ;)) GCM is only defined for 128-bit block
ciphers.  This would provide us with an authenticity that
would allow us to move away from our current *SHA1*
MDC.  Presumably it [GCM] wouldn't be selectable for
64-bit block ciphers, which would mirror when MDC was
only (by default?) for 128-bit ciphers (originally?).
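An added example (not from the post or from GnuPG's code) using Go's standard-library AES-GCM to show the two points made above: a message whose ciphertext or header was altered is rejected before any plaintext is released, and GCM cannot be built over a 64-bit block cipher at all. The key, nonce and header bytes are constructed demo values; DES stands in for the 64-bit OpenPGP ciphers.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"fmt"
)

// newAESGCM builds AES-GCM; NewGCM enforces GCM's 128-bit block requirement.
func newAESGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealGCM encrypts plaintext and appends a 16-byte tag covering ciphertext and aad (unencrypted header); the 12-byte nonce must never repeat under one key.
func sealGCM(key, nonce, aad, plaintext []byte) ([]byte, error) {
	aead, err := newAESGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Seal(nil, nonce, plaintext, aad), nil
}

// openGCM decrypts and verifies in one step; any change to ciphertext, tag or aad yields an error and no plaintext (unlike CFB with a trailing SHA-1 MDC).
func openGCM(key, nonce, aad, sealed []byte) ([]byte, error) {
	aead, err := newAESGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, sealed, aad)
}

// gcmOverDES tries GCM over a 64-bit block cipher (DES, standing in for CAST5/3DES) and returns NewGCM's rejection.
func gcmOverDES() error {
	block, _ := des.NewCipher([]byte("8bytekey")) // constructed 64-bit key of valid length
	_, err := cipher.NewGCM(block)                // rejected: GCM is defined only for 128-bit blocks
	return err
}

func main() {
	key, nonce, aad := []byte("0123456789abcdef"), []byte("unique-nonce"), []byte("hdr") // constructed values
	sealed, _ := sealGCM(key, nonce, aad, []byte("attack at dawn"))
	sealed[0] ^= 0x01 // flip one ciphertext bit in transit
	_, err := openGCM(key, nonce, aad, sealed)
	fmt.Println("tampered message rejected:", err != nil, "| GCM over DES:", gcmOverDES())
}
```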

