Re: [IPsec] AES key lengths: draft-ietf-ipsecme-esp-ah-reqts

2014-03-10 Thread Gandhar Gokhale
And testing cost for one more crypto algorithm when the algorithmic permutations are already too high! Gandhar Gokhale Networking Components Group LSI On Mon, Mar 10, 2014 at 10:28 PM, wrote: > > On Mar 10, 2014, at 12:45 PM, Paul Wouters wrote: > >> On Mon, 10 Mar 2014, paul_kon...@dell.com w

Re: [IPsec] AES key lengths: draft-ietf-ipsecme-esp-ah-reqts

2014-03-10 Thread Stephen Kent
Paul, ... It's good to remember the reason that 256-bit keys for AES were specified, i.e., as a hedge against someone building a quantum computer. So, unless the data being encrypted is expected to have a lifetime far enough into the future as to merit protection against that concern, the extra

Re: [IPsec] AES key lengths: draft-ietf-ipsecme-esp-ah-reqts

2014-03-10 Thread Paul_Koning
On Mar 10, 2014, at 12:45 PM, Paul Wouters wrote: > On Mon, 10 Mar 2014, paul_kon...@dell.com wrote: > >> That’s a good argument for a user choosing to use AES-128 rather than >> AES-256. But it doesn’t really address why “SHOULD implement” isn’t >> justified — the implementation cost is tri

Re: [IPsec] AES key lengths: draft-ietf-ipsecme-esp-ah-reqts

2014-03-10 Thread Paul Wouters
On Mon, 10 Mar 2014, paul_kon...@dell.com wrote: That’s a good argument for a user choosing to use AES-128 rather than AES-256. But it doesn’t really address why “SHOULD implement” isn’t justified — the implementation cost is trivial and if it isn’t used it has no performance impact. It's

Re: [IPsec] AES key lengths: draft-ietf-ipsecme-esp-ah-reqts

2014-03-10 Thread Paul_Koning
On Mar 10, 2014, at 12:05 PM, Stephen Kent wrote: > Paul >> On Mar 8, 2014, at 8:08 AM, Black, David wrote: >> The next draft changes AES-128-CBC to AES-CBC, and says: In the following sections, all AES modes are for 128-bit AES. 192-bit AES MAY be supported for those mode

Re: [IPsec] AES key lengths: draft-ietf-ipsecme-esp-ah-reqts

2014-03-10 Thread Stephen Kent
Paul On Mar 8, 2014, at 8:08 AM, Black, David wrote: The next draft changes AES-128-CBC to AES-CBC, and says: In the following sections, all AES modes are for 128-bit AES. 192-bit AES MAY be supported for those modes, but the requirements here are for 128-bit AES. What about 256-bit AES keys

Re: [IPsec] AES key lengths: draft-ietf-ipsecme-esp-ah-reqts

2014-03-09 Thread Black, David
Sunday, March 09, 2014 5:44 AM To: ipsec Subject: Re: [IPsec] AES key lengths: draft-ietf-ipsecme-esp-ah-reqts With vendor hat on: years ago we measured the performance and found that the performance of AES-256-CBC and AES-192-CBC were virtually identical. We removed AES-192-CBC from our UI becau

Re: [IPsec] AES key lengths: draft-ietf-ipsecme-esp-ah-reqts

2014-03-09 Thread Yoav Nir
With vendor hat on: years ago we measured the performance and found that the performance of AES-256-CBC and AES-192-CBC were virtually identical. We removed AES-192-CBC from our UI because we didn't see a point to it - less security for no performance gain. I don't have any more recent measurement

Re: [IPsec] AES key lengths: draft-ietf-ipsecme-esp-ah-reqts

2014-03-08 Thread Paul_Koning
On Mar 8, 2014, at 8:08 AM, Black, David wrote: >> The next draft changes AES-128-CBC to AES-CBC, and says: >> >> In the following sections, all AES modes are for 128-bit AES. 192-bit AES >> MAY be supported for those modes, but the requirements here are for 128-bit >> AES. > > What about 256-

Re: [IPsec] AES key lengths: draft-ietf-ipsecme-esp-ah-reqts

2014-03-08 Thread Paul Hoffman
On Mar 8, 2014, at 1:08 PM, Black, David wrote:
> What about 256-bit AES keys? They should also be a "MAY".

Good catch.

--Paul Hoffman

___
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

[IPsec] AES key lengths: draft-ietf-ipsecme-esp-ah-reqts

2014-03-08 Thread Black, David
> The next draft changes AES-128-CBC to AES-CBC, and says:
>
> In the following sections, all AES modes are for 128-bit AES. 192-bit AES
> MAY be supported for those modes, but the requirements here are for 128-bit
> AES.

What about 256-bit AES keys? They should also be a "MAY".

Thanks,
--David