[Cryptography] How should we encrypt external mail attachments

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Aug 4 00:44:52 EDT 2021


John-Mark Gurney <jmg at funkthat.com> writes:

>AES CBC is slow to encrypt due to its data dependency.

I keep seeing this claim all over the place, but whenever people make it they
always forget to mention that it only applies if you've got a highly pipelined
streaming hardware implementation.  For a standard implementation, it's
slightly slower than CBC, e.g.:

https://www.cryptopp.com/benchmarks.html

>I'd recommend something else, like AES-GCM-SIV:

I wouldn't.  It trades off resistance against the brittleness of GCM by
requiring two complete passes over the data, which makes it a non-starter in
most situations, and in particular in this case where its intended application
is very large data quantities.

Peter.
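
The two-pass structure of SIV-style modes discussed above, as an added example that is not part of the original message. It is a toy construction in which HMAC-SHA256 stands in for both the MAC and the keystream generator (an assumption for illustration; it is not AES-GCM-SIV), and all function names and sample inputs are constructed.

```python
import hashlib
import hmac

# Toy SIV-style AEAD. HMAC-SHA256 stands in for the MAC and the keystream
# generator (assumption for illustration; this is NOT AES-GCM-SIV).

def _keystream(enc_key, iv, chunk_no, length):
    out, block = b"", 0
    while len(out) < length:
        msg = iv + chunk_no.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(enc_key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _synthetic_iv(mac_key, nonce, chunks):
    mac = hmac.new(mac_key, nonce, hashlib.sha256)  # fixed-length nonce assumed
    for c in chunks:
        mac.update(c)
    return mac.digest()[:16]

def siv_encrypt(mac_key, enc_key, nonce, chunks):
    # Pass 1: read ALL plaintext to derive the synthetic IV (also the tag).
    tag = _synthetic_iv(mac_key, nonce, chunks)
    # Pass 2: read the plaintext again; the keystream depends on the tag,
    # so no ciphertext byte can be produced before pass 1 has finished.
    return tag, [_xor(c, _keystream(enc_key, tag, i, len(c)))
                 for i, c in enumerate(chunks)]

def siv_decrypt(mac_key, enc_key, nonce, tag, ct_chunks):
    pt = [_xor(c, _keystream(enc_key, tag, i, len(c)))
          for i, c in enumerate(ct_chunks)]
    # Plaintext must be withheld until the recomputed tag matches.
    if not hmac.compare_digest(_synthetic_iv(mac_key, nonce, pt), tag):
        raise ValueError("authentication failed")
    return pt

def first_chunk_depends_on_last_byte():
    # Constructed sample: two attachments differing only in the final byte.
    mk, ek, nonce = b"m" * 32, b"e" * 32, b"n" * 12
    a = [b"A" * 64, b"B" * 64, b"C" * 63 + b"0"]
    b = [b"A" * 64, b"B" * 64, b"C" * 63 + b"1"]
    _, ct_a = siv_encrypt(mk, ek, nonce, a)
    _, ct_b = siv_encrypt(mk, ek, nonce, b)
    return ct_a[0] != ct_b[0]
```

Because the first ciphertext chunk changes when only the last plaintext byte changes, the sender has to buffer or re-read the whole attachment before emitting any output.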


