29 May 2005 21:22
Re: crypto(4) and IVs
Nathan J. Williams <nathanw <at> wasabisystems.com>
2005-05-29 19:22:40 GMT
Thor Lancelot Simon <tls <at> rek.tjls.com> writes:

> > It appears to assume that any cryptosystem with an IV is doing
> > CBC-style feedback. This will break when someone gets around to adding
> > the counter modes (see draft-ietf-secsh-newmodes-03.txt), unless their
> > state is represented somewhere other than the IV storage....
>
> I don't have access to any hardware that does any counter mode (I'm not
> even sure if there is any, yet). If you do, I agree that you're probably
> going to have to do some interface and client code bashing to make it
> work right.

Such hardware does exist; for example, the built-in "SEC 2.0" security
engine on the Freescale MPC8555E/MPC8541 SoC devices. See

http://www.freescale.com/webapp/sps/site/prod_summary.jsp?code=MPC8555E

Both the reference manual and application note 2755 go into detail on
the capabilities of the security engine, which includes AES counter
mode, HMACs, lots of elliptic curve stuff I don't understand...

        - Nathan
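
Added example, not part of the original message and not crypto(4) code: a sketch of why counter-mode state cannot live in CBC-style IV storage. It assumes "CBC-style feedback" means reusing the last ciphertext block as the next IV, and uses a truncated HMAC-SHA256 as a stand-in for the AES forward direction; all function names and sample values are constructed.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes, as for AES


def prf(key: bytes, block: bytes) -> bytes:
    """Stand-in for the block cipher's forward direction (assumption: truncated
    HMAC-SHA256; counter mode never needs the inverse direction)."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def ctr_crypt(key: bytes, counter_block: bytes, data: bytes):
    """Encrypt or decrypt in counter mode; returns (output, next counter block)."""
    assert len(counter_block) == BLOCK and len(data) % BLOCK == 0
    ctr = int.from_bytes(counter_block, "big")
    out = bytearray()
    for off in range(0, len(data), BLOCK):
        ks = prf(key, ctr.to_bytes(BLOCK, "big"))
        out += bytes(a ^ b for a, b in zip(data[off:off + BLOCK], ks))
        ctr = (ctr + 1) % (1 << (8 * BLOCK))
    return bytes(out), ctr.to_bytes(BLOCK, "big")


def split_with_counter_state(key, iv, first, second):
    """Correct for CTR: the state carried between requests is the advanced counter."""
    c1, next_ctr = ctr_crypt(key, iv, first)
    c2, _ = ctr_crypt(key, next_ctr, second)
    return c1 + c2


def split_with_cbc_style_feedback(key, iv, first, second):
    """A CBC-only layer's behaviour: last ciphertext block becomes the next 'IV'."""
    c1, _ = ctr_crypt(key, iv, first)
    c2, _ = ctr_crypt(key, c1[-BLOCK:], second)
    return c1 + c2


# Constructed sample input.
KEY = b"k" * 16
IV = bytes(15) + b"\x01"
MSG = bytes(range(64))  # four blocks, processed as two requests of two blocks

ONE_SHOT, _ = ctr_crypt(KEY, IV, MSG)
GOOD = split_with_counter_state(KEY, IV, MSG[:32], MSG[32:])
BAD = split_with_cbc_style_feedback(KEY, IV, MSG[:32], MSG[32:])

if __name__ == "__main__":
    print("counter state:", GOOD == ONE_SHOT, "| CBC-style feedback:", BAD == ONE_SHOT)
```

The second request only lines up with the one-shot result when the advanced counter is carried forward; the ciphertext-feedback variant silently produces output a conforming peer cannot decrypt.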