IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Your DISCUSS on draft-ietf-secsh-newmodes-05



I wrote:

>AES-CTR is problematic because support for it in crypto hardware is
>practically nonexistent (it's only just appeared as a recent update to PKCS
>#11, and I'm not aware of any hardware that supports it), and it could be
>years (if ever) before it's supported to a useful level.

I've just checked and AES-CTR in PKCS #11 is still at the stage of a draft
proposal.  So effectively AES-CTR support in crypto hardware is currently
nonexistent, unless there's some obscure device that handles it via a custom
driver.  I can't imagine anyone wanting to try synthesising it from ECB,
they'll just not support it rather than kludge around the hardware, since
having to kludge it with software defeats the point of having encryption
hardware.

Peter.



Home | Main Index | Thread Index | Old Index