[Cryptech Tech] Key wrap in HW

Leif Johansson leifj at sunet.se
Tue Jun 26 05:36:54 UTC 2018



Sent from my iPhone

> On 25 June 2018 at 22:17, Rob Austein <sra at hactrn.net> wrote:
> 
>> On Mon, 25 Jun 2018 13:55:27 -0400, Joachim wrote:
>> 
>> I think Rob, Russ etc need to respond regarding suggestions of
>> changing wrapping methods than RFC 3394/RFC 5649 used today.
>> I’m just trying to improve the performance of the method used
>> today. Quite a lot.
> 
> Well, with the understanding that I have no special authority (insert
> anarcho-syndicalist commune scene from Monty Python and the Holy Grail):
> 
> * The core team picked the current algorithm some time ago via an
>  IETF-like rough consensus process, and most (all?) of the arguments
>  against the algorithm we picked were discussed at that time;
> 
> * As far as I can tell, the only thing that's changed since we made
>  that decision is that we now have data showing that our current
>  implementation of the wrapping algorithm we picked has performance
>  issues when combined with our current hideously slow FMC bus
>  transfer speed;
> 
> * We're already working on the FMC bus speed problem in any case; and
> 
> * We've said all along that we want a Verilog implementation of
>  whatever key wrapping algorithm we use in any case.
> 
> To me, this does not constitute a strong case for reopening the
> original algorithm decision, at least not yet.  That could change if
> we fail to solve the performance problem via the approaches we're
> already investigating, but we're not at that point and may never be.

Good analysis.

> 
> YMMV.