Curious question - still more about AES and CBC and openssl:
Does the number of rounds during the encryption phase of it have to
match the number of rounds during the decryption phase of it, or does
it not matter? (i.e. the rounds count really only matters during the
encryption-only phase, and
Is AES-CBC decryption independent of the number of rounds that was
used during the encryption process? 0.o?
On Sun, Mar 17, 2013 at 10:04 AM, Ewen Chan chan.e...@gmail.com wrote:
Curious question - still more about AES and CBC and openssl:
Does the number of rounds during the encryption phase
Are their pre-compiled programs already where I could be able to
see/play with the effects of changing the number of rounds using the
Rijndael algorithm?
On Sun, Mar 17, 2013 at 11:23 AM, Ewen Chan chan.e...@gmail.com wrote:
Is AES-CBC decryption independent of the number of rounds that was
AES/Rijndahl
AES has fixed number of rounds and other parameters.
Rijndahl allows you to specify the algorithm parameters including number
of rounds.
Steven J. Hathaway
So is the number of rounds set by Rijndahl or the AES spec? I'm confused.
And is the number of rounds hard-coded into the
Thanks.
Is the name spelt Rijndael or Rijndahl?
On Sat, Mar 16, 2013 at 8:15 PM, shath...@e-z.net wrote:
AES/Rijndahl
AES has fixed number of rounds and other parameters.
Rijndahl allows you to specify the algorithm parameters including number
of rounds.
Steven J. Hathaway
So is the
Congrats! you caught my typing error.
Steven J. Hathaway
Thanks.
Is the name spelt Rijndael or Rijndahl?
On Sat, Mar 16, 2013 at 8:15 PM, shath...@e-z.net wrote:
AES/Rijndahl
AES has fixed number of rounds and other parameters.
Rijndahl allows you to specify the algorithm parameters
I was just curious, cuz other people have spelled it that way as well.
And I just wanted to be sure. Thanks.
On Sat, Mar 16, 2013 at 11:29 PM, shath...@e-z.net wrote:
Congrats! you caught my typing error.
Steven J. Hathaway
Thanks.
Is the name spelt Rijndael or Rijndahl?
On Sat, Mar 16,
I don't know the interfaces to OpenSSL, but AES-192 specifies the number
of rounds. The approved AES algorithms specify a subset of Rijndahl
cipher whereby you can specify alternative numbers of rounds, key
sizes, and block sizes.
Sincerely,
Steven J. Hathaway
There's a file that I want to
So is the number of rounds set by Rijndahl or the AES spec? I'm confused.
And is the number of rounds hard-coded into the OpenSSL source; or is
it embedded somewhere else?
On Fri, Mar 15, 2013 at 7:27 PM, shath...@e-z.net wrote:
I don't know the interfaces to OpenSSL, but AES-192 specifies the
There's a file that I want to encrypt using AES-192-CBC but with 19
rounds rather than the default 12-rounds.
Is there a way for me to specify the number of rounds that I would
like to use with the AES-192-CBC? (and override the algorithm
defaults)?
Is that something that I can within the
If you change the number of rounds, then it's not AES anymore, but a
custom Rijndael.
Reading the source code, it appears there's no support for that in
OpenSSL (and poking inside an AES_KEY to change the number of rounds
probably won't work).
--
Erwann ABALEA
Le 13/03/2013 14:32, Ewen Chan
So the algorithms include the number of rounds? I thought that it
would only describe the math process and that it would be independent
of the number of rounds (so long as you meed Rijndael's minimum -
which is what the current number of rounds is set/default as).
I did not know that.
The algorithm Rijndael has some knobs you can turn to tune.
The standard AES has these parameters fixed in stone.
AES-192 is effectively less secure than AES-256 because of the key
length and number of rounds.
But less secure may be secure enough. In fact, AES-128 is secure
enough for most
There's a file that I want to encrypt using AES-192-CBC but with 19 rounds
rather than the default 12-rounds.
Is there a way for me to specify the number of rounds that I would like to use
with the AES-192-CBC? (and override the algorithm defaults)?
Is that something that I can within the
Thanks.
On Wed, Mar 13, 2013 at 10:56 AM, Erwann Abalea
erwann.aba...@keynectis.com wrote:
The algorithm Rijndael has some knobs you can turn to tune.
The standard AES has these parameters fixed in stone.
AES-192 is effectively less secure than AES-256 because of the key length
and number of
Would it be faster to encrypt/decrypt AES-256-CBC with an AES-NI
enabled CPU or would it faster do it with a GPGPU?
Does OpenSSL even support GPU acceleration?
On Wed, Mar 13, 2013 at 11:44 AM, Ewen Chan chan.e...@gmail.com wrote:
Thanks.
On Wed, Mar 13, 2013 at 10:56 AM, Erwann Abalea
GPGPU isn't natively supported. You can write your own engine if you
want, but I think memory transfers will dominate the cost.
AES-NI is natively supported (I get about 550MB/s on my i5 M540 @2.53
GHz for 8k blocks).
--
Erwann ABALEA
Le 13/03/2013 16:49, Ewen Chan a écrit :
Would it be
I'm quite new to openSSL and AES and cryptography as a whole, so
please forgive my stupid questions.
I've read that because of the way that the AES-CBC works that it
depends on the result from the previous round in order to encrypt the
current round that it is inherently not well suited for
Le 13/03/2013 17:17, Ewen Chan a écrit :
I'm quite new to openSSL and AES and cryptography as a whole, so
please forgive my stupid questions.
You then may start by reading the different manpages, then. OpenSSL is a
large beast, and you won't do anything useful without reading.
I've read
Yea, I've tried reading the man pages, but it doesn't list all of the
options available on there (which would tend to indicate that it is a
little behind compared to the development and released versions of
OpenSSL).
Do you need the '-evp' flag to use '-engine aesni' or they operate
independent
You are right about AES-CBC. Palatalization of block encryption is not
really possible. If you want to encrypt blocks in parallel then you should
use AES-CTR.
Kris
- Original Message
From: openssl-users@openssl.org
To: Erwann Abalea erwann.aba...@keynectis.com
Cc:
If what you want is simply encrypt and decrypt files using command-line
openssl executable, then you don't need to play with engine or evp options.
openssl enc uses the EVP interface, which in turn will make use of
AES-NI instructions if available (or SSE3, SSE2, SSE, anything available
on the
Wouldn't enabling AES-NI during the encryption/decryption process make
it run faster?
So even if I'm just running the openssl command-line executable,
processing those files with AES-NI enabled (via '-engine aesni') would
be faster than if I left that part out?
(I'm still a little fuzzy as to
Le 13/03/2013 19:10, Ewen Chan a écrit :
Wouldn't enabling AES-NI during the encryption/decryption process make
it run faster?
Of course.
So even if I'm just running the openssl command-line executable,
processing those files with AES-NI enabled (via '-engine aesni') would
be faster than if
I'm asking about the '-engine aesni' flag because when I google
openssl aes-ni - that's what comes up.
I've never used it before, but I'm about to as I've recently aquired a
system that supports AES-NI.
I'm also asking because I'm about to encrypt a whole bunch of files
and some of them are
Le 13/03/2013 20:06, Ewen Chan a écrit :
I'm asking about the '-engine aesni' flag because when I google
openssl aes-ni - that's what comes up.
I've never used it before, but I'm about to as I've recently aquired a
system that supports AES-NI.
I'm also asking because I'm about to encrypt a
I'm running on a 30 TB server with about 1.4 million files.
I think that at last audit, the single largest file is 45 GB (as an example).
And I'm prepping to run AES-256-CBC.
The host system has a SATA 6 Gbps, 10 drive, RAID5 array; so I'm
pretty sure that I can peg (or at least supply) the
On Wed, Mar 13, 2013 at 04:00:48PM -0400, Ewen Chan wrote:
I'm running on a 30 TB server with about 1.4 million files.
I think that at last audit, the single largest file is 45 GB (as an example).
And I'm prepping to run AES-256-CBC.
The host system has a SATA 6 Gbps, 10 drive, RAID5
The problem that I initially ran into when I was creating the volume
was that there wasn't a Linux file system that could handle a 27 TB
volume. The closest that I got was Btrfs and the time, it was still in
I think 0.98alpha or something like that.
Also as a result of that, there were no data
29 matches
Mail list logo
