Re: Your DISCUSS on draft-ietf-secsh-newmodes-05

To: ietf-ssh%netbsd.org@localhost
Subject: Re: Your DISCUSS on draft-ietf-secsh-newmodes-05
From: pgut001%cs.auckland.ac.nz@localhost (Peter Gutmann)
Date: Fri, 09 Sep 2005 01:23:25 +1200

I wrote:

>AES-CTR is problematic because support for it in crypto hardware is
>practically nonexistent (it's only just appeared as a recent update to PKCS
>#11, and I'm not aware of any hardware that supports it), and it could be
>years (if ever) before it's supported to a useful level.

I've just checked and AES-CTR in PKCS #11 is still at the stage of a draft
proposal.  So effectively AES-CTR support in crypto hardware is currently
nonexistent, unless there's some obscure device that handles it via a custom
driver.  I can't imagine anyone wanting to try synthesising it from ECB,
they'll just not support it rather than kludge around the hardware, since
having to kludge it with software defeats the point of having encryption
hardware.

Peter.

Prev by Date: Re: Your DISCUSS on draft-ietf-secsh-newmodes-05
Next by Date: Re: New core drafts - was: Re: nit in draft-ietf-secsh-connect-25.txt
Previous by Thread: draft-ietf-secsh-publickey-subsystem is now a guinea pig.
Next by Thread: keyboard-interactive auth
Indexes:

Home | Main Index | Thread Index | Old Index