Re: [cryptography] AES-GMAC as a hash

2009-09-08 Thread Eric Young
Darren J Moffat wrote: Ignoring performance for now what is the consensus on the suitabilty of using AES-GMAC not as MAC but as a hash ? Would it be safe ? The key input to AES-GMAC would be something well known to the data and/or software. The only reason I'm asking is assuming it can be

Re: [cryptography] 5x speedup for AES using SSE5?

2008-08-26 Thread Eric Young
Hovav Shacham wrote: On Aug 24, 2008, at 5:20 AM, Peter Gutmann wrote: Speaking of CPU-specific optimisations, I've seen a few algorithm proposals from the last few years that assume that an algorithm can be scaled linearly in the number of CPU cores, treating a multicore CPU as some kind

Re: [cryptography] 5x speedup for AES using SSE5?

2008-08-24 Thread Eric Young
Paul Crowley wrote: http://www.ddj.com/hpc-high-performance-computing/201803067 In the above Dr Dobb's article from a little over a year ago, AMD Senior Fellow Leendert vanDoorn states the Advanced Encryption Standard (AES) algorithm gets a factor of 5 performance improvement by using the

Re:5x speedup for AES using SSE5?

2008-08-24 Thread Eric Young
Eric Young wrote: I've not looked at it enough yet, but currently I'm doing an AES round in about 140 cycles a block (call it 13 per round plus overhead) on a AMD64, (220e6 bytes/sec on a 2ghz cpu) using normal instructions. Urk, correction, I forgot I've recently upgraded from a 2ghz machine

Re: The perils of security tools

2008-05-24 Thread Eric Young
#ifndef PURIFY MD_Update(m,buf,j); /* purify complains */ #endif I just re-checked, this code was from SSLeay, so it pre-dates OpenSSL taking over from me (about 10 years ago, after I was assimilated by RSA Security). So in some ways I'm the one at fault for not

Re: [cryptography] Re: Why the exponent 3 error happened:

2006-09-17 Thread Eric Young
James A. Donald wrote: -- James A. Donald wrote: Code is going wrong because ASN.1 can contain complicated malicious information to cause code to go wrong. If we do not have that information, or simply ignore it, no problem. Ben Laurie wrote: This is incorrect. The simple form of the

Re: Exponent 3 damage spreads...

2006-09-12 Thread Eric Young
Jostein Tveit wrote: Anyone got a test key with a real and a forged signature to test other implementations than OpenSSL? Well, since this in not really an issue about forging signatures, rather invalid verification, I've appended 2 self-signed certs (resigned apps/server.pem), one with a

Re: AES Modes

2004-10-19 Thread Eric Young
Quoting Brian Gladman [EMAIL PROTECTED]: Ian Grigg wrote: Jack Lloyd also passed along lots of good comments I'd like to forward (having gained permission) FTR. I've edited them for brevity and pertinence. [snip] I'm obviously being naive here ... I had thought that the combined