[Cryptography] How should we encrypt external mail attachments
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Wed Aug 4 00:44:52 EDT 2021
John-Mark Gurney <jmg at funkthat.com> writes:
>AES CBC is slow to encrypt due to it's data dependency.
I keep seeing this claim all over the place, but whenever people make it they
always forget to mention that it only applies if you've got a highly pipelined
streaming hardware implementation. For a standard implementation, it's
slightly slower than CBC, e.g:
https://www.cryptopp.com/benchmarks.html
>I'd recommend something else, like AES-GCM-SIV:
I wouldn't. It trades off resistance against the brittleness of GCM by
requiring two complete passes over the data, which makes it a non-starter in
most situations, and in particular in this case where its intended application
is very large data quantities.
Peter.
More information about the cryptography
mailing list