On 6/19/2014 11:19 AM, Jeffrey Walton wrote:
...
CCM is probably the oldest of the three, its more complicated, and its
offline (you have to have all data beforehand - you cannot stream data
into it).
Personally, I don't care about GCM's parallelizability because I
require all data to be authenticated before being operated upon.
Note that the parallelizability applies to the sender too.
So with parallel GCM, the sender can start sending before it knows and
encrypts the last part of the plaintext, while a secure receiver still
needs to wait for the end before accepting the data. So the total
delay is
max(encrypt_time, transmit_time) + decrypt_time
while a non-parallelizable mode would have
encrypt_time + transmit_time + decrypt_time
Of cause there are other drawbacks to the various mode that
needs to be considered before choosing one.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org