Ralph Holz writes:

> He wanted to scrape off some additional bits when using AES-CBC because
> the messages in his concept are very short (a few hundred bits). So he

I'd rather have a known-safe design than save 12 bytes.

Seriously: what the hell.

Say you have 1-byte messages, and that the cryptography will expand them to
128 bytes (...you use a MAC, right?). If this overhead factor is really bad
for you, for example because you expect to send thousands of messages per
second, your problem is a bad protocol design. Don't break the safety
mechanism to "support" an inefficient protocol.

Alternately, if you send messages only rarely, the overhead doesn't matter.

My point is, since you have tiny messages, throughput must not be your goal.
And yet, even with 128-byte messages, your messages are so small that
latency and bloat are not problems. You get confidential and MAC'd
communications for less than the cost of a tweet or SMS.

The Cryptography Mailing List