[Ach] The sad story of lonely AES-CTR

Aaron Zauner azet at azet.org
Tue Dec 17 20:34:27 CET 2013


k. There are different drafts for AES-CTR. But still. It’s not included in any cipher suite, I can’t even find a mention in the IANA list.

https://tools.ietf.org/html/draft-ietf-tls-ctr-00
http://www.ietf.org/proceedings/64/slides/tls-2.pdf

On 17 Dec 2013, at 20:26, Aaron Zauner <azet at azet.org> wrote:

> Ohai.
> 
> Does anyone know why OpenSSL 1.0.1e supports AES-CTR as block cipher mode but misses AES-CTR completely in ciphersuites?
> 
> As it seems Counter Mode never made it to the RFC: http://tools.ietf.org/html/rfc5288
> GCM did.
> 
> “If my calculations are correct” AES-CTR would be significantly faster than AES-GCM (since openssl speed does not support benching aes-gcm nor aes-ctr I simply went for a complexity comparison - I should maybe write a real test for that as well).
> 
> 
> BTW. Ben Laurie committed an exotic chaining mode called IGE to OpenSSL some time ago:
> """
> Infinite Garble Extension (IGE) is a block cipher mode[1]. It has the property
> that errors are propagated forward indefinitely. Bi-directional IGE (biIGE)
> propagates errors in both directions: that is, any change to the ciphertext will
> cause all of the plaintext to be corrupted.
> """
> http://www.links.org/files/openssl-ige.pdf
> 
> Aaron
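
Added example, not part of the thread and not OpenSSL's own code: AES-GCM with a 96-bit nonce encrypts with the same keystream as AES-CTR started at counter block nonce||2, and adds an authentication tag on top. The sketch checks that equivalence and shows that a single flipped ciphertext bit decrypts silently under bare CTR but is rejected by GCM. It uses Node.js's OpenSSL-backed `crypto` module; the key, nonce and message are constructed sample values.

```javascript
// Added example: relation between AES-CTR and AES-GCM (sample values are constructed).
const crypto = require("crypto");

const key = Buffer.from("000102030405060708090a0b0c0d0e0f", "hex"); // constructed
const nonce = Buffer.from("a0a1a2a3a4a5a6a7a8a9aaab", "hex");       // 96-bit, constructed
const msg = Buffer.from("amount=0000100;to=alice");                 // constructed

function gcmEncrypt(pt) {
  const c = crypto.createCipheriv("aes-128-gcm", key, nonce);
  const ct = Buffer.concat([c.update(pt), c.final()]);
  return { ct, tag: c.getAuthTag() };
}

function gcmDecrypt(ct, tag) {
  const d = crypto.createDecipheriv("aes-128-gcm", key, nonce);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // final() throws on tag mismatch
}

// With a 96-bit nonce, GCM encrypts data with counter blocks nonce||2, nonce||3, ...
// (nonce||1 is reserved for masking the tag), so plain CTR from nonce||2 matches.
function ctrCrypt(data) {
  const iv = Buffer.concat([nonce, Buffer.from([0, 0, 0, 2])]);
  const c = crypto.createCipheriv("aes-128-ctr", key, iv);
  return Buffer.concat([c.update(data), c.final()]);
}

function flipBit(buf, index, mask) {
  const out = Buffer.from(buf); // copy, leave the original untouched
  out[index] ^= mask;
  return out;
}

function demo() {
  const { ct, tag } = gcmEncrypt(msg);
  const sameCiphertext = ct.equals(ctrCrypt(msg)); // GCM body == CTR output
  const tampered = flipBit(ct, 7, 0x01);           // one bit changed in transit
  const ctrResult = ctrCrypt(tampered).toString(); // CTR decrypt is the same operation
  let gcmRejected = false;
  try { gcmDecrypt(tampered, tag); } catch (e) { gcmRejected = true; }
  return { sameCiphertext, ctrResult, gcmRejected };
}

console.log(demo());
```

The extra work in GCM is the GHASH computation behind the tag; CTR on its own provides no integrity check and needs a separate MAC.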
