AES Modes
John Kelsey
kelsey.j at ix.netcom.com
Tue Oct 12 09:57:15 EDT 2004
>From: Ian Grigg <iang at systemics.com>
>Sent: Oct 10, 2004 11:11 AM
>To: Metzdowd Crypto <cryptography at metzdowd.com>
>Subject: AES Modes
>I'm looking for basic mode to encrypt blocks (using AES)
>of about 1k in length, +/- an order of magnitude. Looking
>at the above table (2nd link) there are oodles of proposed
>ones.
>It would be nice to have a mode that didn't also require
>a separate MAC operation - I get the impression that
>this is behind some of the proposals?
I think CCM is just about perfect for this goal. The MAC isn't free, but it's integrated into the chaining mode. There are also some patented modes that provide a MAC for almost no extra computation(OCB, IACBC), and some proposed modes that combine an efficient, parallelizeable MAC with encryption in a secure way (CWC,GCM), though none of these are standards yet.
>iang
--John
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list