Encryption and authentication modes
Florian Weimer
fweimer at bfk.de
Wed Jul 14 04:52:50 EDT 2010
What's the current state of affairs regarding combined encryption and
authentication modes?
I've implemented draft-mcgrew-aead-aes-cbc-hmac-sha1-01 (I think, I
couldn't find test vectors), but I later came across CCM and EAX. CCM
has the advantage of being NIST-reviewed. EAX can do streaming (but
that's less useful when doing authentication). Neither seems to be
widely implemented. But both offer a considerable reduction in
per-message overhead when compared to the HMAC-SHA1/AES combination.
Are there any other alternatives to consider? Are there any traps I
should be aware of when implementing CCM?
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list