[Cryptech Tech] Key wrap in HW

Rob Austein sra at hactrn.net
Mon Jun 25 20:17:16 UTC 2018

On Mon, 25 Jun 2018 13:55:27 -0400, Joachim wrote:
> I think Rob, Russ etc need to respond regarding suggestions of
> changing wrapping methods than RFC 3394/RFC 5649 used today.
> I’m just trying to improve the performance of the method used
> today. Quite a lot.

Well, with the understanding that I have no special authority (insert
anarcho-syndicalist commune scene from Monty Python and the Holy Grail):

* The core team picked the current algorithm some time ago via an
  IETF-like rough consensus process, and most (all?) of the arguments
  against the algorithm we picked were discussed at that time;

* As far as I can tell, the only thing that's changed since we made
  that decision is that we now have data showing that our current
  implementation of the wrapping algorithm we picked has performance
  issues when combined with our current hideously slow FMC bus
  transfer speed;

* We're already working on the FMC bus speed problem in any case; and

* We've said all along that we want a Verilog implementation of
  whatever key wrapping algorithm we use in any case.

To me, this does not constitute a strong case for reopening the
original algorithm decision, at least not yet.  That could change if
we fail to solve the performance problem via the approaches we're
already investigating, but we're not at that point and may never be.

