On Fri, 28 Oct 2022, Guillaume Solignac (gsoligna) wrote:
Is this requirement only based on not reusing the same IV on different cores or
is there an additional factor I missed?
For AES-GCM there is a 2^32 max operations per private key as well.
Are you referring to NIST SP 800-38D § 8.3 ?
Hi Tero,
> Question is how many CPUs do you need to saturate 100 Gbit/s network
> link compared to how many HSM CPUs you need? is there more than 10
> times bigger number between them.
I think it depends on both CPUs and HSMs :-) And on algorithm too.
For example, AES has implemented in most
Valery Smyslov writes:
> > There is no point of one having for example 10 fast cpus sending
> > traffic over 10 Child SA, when the receiving end only has two cpus
> > which are about same than the other ends cpus. The receiving end will
> > not be able to keep up with the traffic it is getting in,
Paul Ponchon \(pponchon\) writes:
> > > Using different real child SA’s was needed to ensure the
> > > cryptographic security properties.
>
> Is this requirement only based on not reusing the same IV on different cores
> or is there an additional factor I missed?
IV space and replay counter are
Paul,
> > Is this requirement only based on not reusing the same IV on different
> > cores or is there an additional factor I missed?
> For AES-GCM there is a 2^32 max operations per private key as well.
Are you referring to NIST SP 800-38D § 8.3 ? This is the closest I could find
to this
HI Tero,
> In your discussion you were talking about cases where one device has
> hundreds of cpus and other have few. Only case where such
> configurations would be useful when other has lots of really low
> powered cpus and other one has few very fast ones. My understanding is
> that this is
