For the non-aficionados, ECB is the electronic code book mode where each 16 
byte block is independently encrypted/decrypted.  As such, it can reveal a 
great deal about an encrypted document or stream as a repeating block will 
always have the same encrypted form.

The Ciphertext Block Chaining (CBC) works around this problem by XORing the 
previous block's ciphertext with the next block's plaintext before encryption.  
This makes it measurably, but not significantly, slower than ECB.

Another interesting variation on CBC is Ciphertext Stealing mode (CTS) used to 
handle plaintexts of lengths that are not multiples of 16 bytes without 
padding.  Ciphertext stealing works by padding the unused tail of the last -- 
and incomplete -- block with the trailing bytes of the previous block's 
ciphertext before encryption, transmitting this last block before the next to 
last block, then transmitting the next to last encrypted block truncated to 
the original length of the last block.  It's a really cute hack, but it 
obviously doesn't work on plaintexts less than 16 bytes.

The differences between AES in software and AES-NI (new instructions) will vary 
wildly depending on whether AES-NI is implemented in just microcode or actual 
hardware.  But none of these affect the security of AES.

AES-256 isn't significantly more secure than AES-128 for normal computers, 
though NSA believes it will be more resilient against attack by quantum 
computers, if they ever show up.  Personally, this is not something I'm losing 
sleep over.

Jim Starkey
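
The ECB, CBC and ciphertext-stealing behaviour described in the message above, as an added example that is not part of the original thread. It assumes a toy 4-round Feistel cipher built from SHA-256 as a stand-in for AES (so it runs on the standard library alone), uses hypothetical function names, and implements the CBC form of ciphertext stealing: zero-pad, chain, swap the last two blocks, truncate.

```python
import hashlib

BS = 16  # block size in bytes, same as AES

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))  # result has the shorter length

def enc_block(key, blk):  # stand-in 4-round Feistel block cipher, NOT AES
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, _xor(l, hashlib.sha256(key + bytes([rnd]) + r).digest())
    return l + r

def dec_block(key, blk):  # same rounds, undone in reverse order
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, hashlib.sha256(key + bytes([rnd]) + l).digest()), l
    return l + r

def blocks(data):
    return [data[i:i + BS] for i in range(0, len(data), BS)]

def cbc_encrypt(key, iv, pt):  # XOR previous ciphertext into each plaintext block
    out = [iv]
    for b in blocks(pt):
        out.append(enc_block(key, _xor(b, out[-1])))
    return b"".join(out[1:])

def cts_encrypt(key, iv, pt):
    if len(pt) <= BS:
        raise ValueError("needs a previous ciphertext block to steal from")
    tail = len(pt) % BS or BS
    c = blocks(cbc_encrypt(key, iv, pt + bytes(BS - tail)))
    return b"".join(c[:-2]) + c[-1] + c[-2][:tail]  # swap, then truncate

def cts_decrypt(key, iv, ct):
    tail = len(ct) % BS or BS
    head, cn, part = ct[:-(BS + tail)], ct[-(BS + tail):-tail], ct[-tail:]
    x = dec_block(key, cn)  # last plaintext XOR full previous ciphertext
    chain = [iv] + blocks(head) + [part + x[tail:]]  # rebuild the stolen bytes
    pt = [_xor(dec_block(key, c), p) for p, c in zip(chain, chain[1:])]
    return b"".join(pt) + _xor(x[:tail], part)

def demo():
    key, iv = b"constructed key!", bytes(BS)  # constructed; fixed IV for repeatability only
    pt = b"0123456789abcdef" * 3 + b"tail"    # constructed: three equal blocks + 4 bytes
    ecb = [enc_block(key, b) for b in blocks(pt[:48])]  # ECB: blocks encrypted independently
    cbc = blocks(cbc_encrypt(key, iv, pt[:48]))
    ct = cts_encrypt(key, iv, pt)
    return len(set(ecb)), len(set(cbc)), len(ct), cts_decrypt(key, iv, ct) == pt
```

`demo()` returns `(1, 3, 52, True)`: the three equal plaintext blocks collapse to one distinct ciphertext block under ECB but stay distinct under CBC, and the CTS ciphertext is exactly as long as the 52-byte plaintext.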


> On Aug 31, 2015, at 2:01 AM, dbo...@poen.net wrote:
> 
> Hi James,
> 
> more numbers here.
> 
> Soft. AES implementation vs AES-NI implementation, 512 MB, ECB mode of
> operation, single core, buffer size 32kB, Windows:
> AES 128:    3873 ms (average calculated on 10 measurements)
> AES-NI 128: 1067 ms (average calculated on 10 measurements)
> 
> Numbers are from my study, and they were also computed on pretty cheap
> notebook. The obtained results are similar to Intel's papers (there are
> many).
> 
> I will try to implement ChaCha20 on Windows over the next few days.
> 
> Boris Damjanović
> 
> 
>> Here are some numbers.  The numbers were computed on my boat computer,
>> which is a very cheap notebook, so consider them relative, not absolute.
>> 
>> 10mb encryption with a single key:
>> 
>>    RC4:           0.021 seconds
>>    ChaCha20: 0.007
>>    AES-128:    0.212
>> 
>> 10mb encryption setting key every 1024 bytes:
>> 
>>    RC4:           0.201 seconds
>>    ChaCha20: 0.091
>>    AES-128:    2.400
>> 
>> ChaCha20 is a clear winner.  And it has a cool name.
>> 
>> I make no claims that the AES implementation is anywhere near optimal --
>> it is one I found with an acceptable license and not deeply embedded in a
>> huge crypto library.  AES, unlike the stream ciphers, has opportunities for
>> what D. J. Bernstein (the crypto god who invented ChaCha20 and all sorts of
>> other good and valuable stuff) calls voodoo.
>> 
>> 
>> 
>> --
>> Jim Starkey
>> ------------------------------------------------------------------------------
>> Firebird-Devel mailing list, web interface at
>> https://lists.sourceforge.net/lists/listinfo/firebird-devel
>> 
