> CTR mode offers very little advantage over CBC or CFB or OFB -- the > motivation for IPsec was very high speed, parallel encryption with > precomputation of the keystream (according to the Rt. Hon. Rev. > Bellovin, IETF Security Area co-chair).
A very important consideration for ultra high performance h/w ipsec implementations. Chaining modes like CBC just simply cannot go fast enough. It was also important for secure RTP, not for performance so much but for the alility to not have to pad plaintext out to an even blocksize of the cipher when using a block cipher (such as AES). This was very important for them because those tiny RTP packets would get expanded a lot when encrypted in a CBC mode. Stream ciphers could not be used for other reasons (packet reordering/loss, for example). Now.. Why SSL/TLS would need this mode is a bit more questionable.. ? I was just chiming in because OSSL's crypto libs are used for lots of non-SSL applications. -lee ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]