What's the current state of affairs regarding combined encryption and
authentication modes?

I've implemented draft-mcgrew-aead-aes-cbc-hmac-sha1-01 (I think, I
couldn't find test vectors), but I later came across CCM and EAX.  CCM
has the advantage of being NIST-reviewed.  EAX can do streaming (but
that's less useful when doing authentication).  Neither seems to be
widely implemented.  But both offer a considerable reduction in
per-message overhead when compared to the HMAC-SHA1/AES combination.

Are there any other alternatives to consider?  Are there any traps I
should be aware of when implementing CCM?

-- 
Florian Weimer                <fwei...@bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstra├če 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to