[Cryptech Tech] Key wrap in HW
sra at hactrn.net
Mon Jun 25 20:17:16 UTC 2018
On Mon, 25 Jun 2018 13:55:27 -0400, Joachim wrote:
> I think Rob, Russ etc need to respond regarding suggestions of
> changing wrapping methods than RFC 3394/RFC 5649 used today.
> I’m just trying to improve the performance of the method used
> today. Quite a lot.
Well, with the understanding that I have no special authority (insert
anarcho-syndicalist commune scene from Monty Python and the Holy Grail):
* The core team picked the current algorithm some time ago via an
IETF-like rough consensus process, and most (all?) of the arguments
against the algorithm we picked were discussed at that time;
* As far as I can tell, the only thing that's changed since we made
that decision is that we now have data showing that our current
implementation of the wrapping algorithm we picked has performance
issues when combined with our current hideously slow FMC bus
* We're already working on the FMC bus speed problem in any case; and
* We've said all along that we want a Verilog implementation of
whatever key wrapping algorithm we use in any case.
To me, this does not constitute a strong case for reopening the
original algorithm decision, at least not yet. That could change if
we fail to solve the performance problem via the approaches we're
already investigating, but we're not at that point and may never be.
More information about the Tech