
List:       openssl-users
Subject:    Re: Decryption succeed in GCM mode when tag is truncated
From:       Jakob Bohm <jb-openssl () wisemo ! com>
Date:       2014-06-19 16:57:27
Message-ID: 53A31677.5010008 () wisemo ! com

On 6/19/2014 11:19 AM, Jeffrey Walton wrote:
> ...
> CCM is probably the oldest of the three, it's more complicated, and it's
> offline (you have to have all data beforehand - you cannot stream data
> into it).
>
> Personally, I don't care about GCM's parallelizability because I
> require all data to be authenticated before being operated upon.
>
Note that the parallelizability applies to the sender too.

So with parallel GCM, the sender can start sending before it knows and
encrypts the last part of the plaintext, while a secure receiver still
needs to wait for the end before accepting the data.  So the total
delay is
   max(encrypt_time, transmit_time) + decrypt_time
while a non-parallelizable mode would have
   encrypt_time + transmit_time + decrypt_time

Of course there are other drawbacks to the various modes that
need to be considered before choosing one.


Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org
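
Added example, not part of the original message or of OpenSSL: a receiver that follows the rule discussed above, decrypting GCM chunks as they arrive but releasing no plaintext until the full 16-byte tag has verified. It assumes the Python `cryptography` package (which wraps OpenSSL); the key, nonce and function names are constructed for illustration.

```python
# Added example: streaming sender, hold-back receiver for AES-GCM.
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

KEY = bytes(range(32))    # constructed demo key, never use a fixed key
NONCE = bytes(range(12))  # constructed demo nonce, must be unique per key
TAG_LEN = 16              # full-length GCM tag, truncated tags are refused


def send_chunks(plaintext, chunk_size=16):
    """Sender: each ciphertext chunk is ready to transmit as soon as it is
    produced; the tag only exists after the last chunk."""
    enc = Cipher(algorithms.AES(KEY), modes.GCM(NONCE)).encryptor()
    chunks = [enc.update(plaintext[i:i + chunk_size])
              for i in range(0, len(plaintext), chunk_size)]
    enc.finalize()
    return chunks, enc.tag


def receive(chunks, tag):
    """Receiver: decrypt incrementally, but return plaintext only after the
    tag verifies. Returns None on a short tag or any modification."""
    if len(tag) != TAG_LEN:
        return None  # reject truncated tags before touching the data
    dec = Cipher(algorithms.AES(KEY), modes.GCM(NONCE, tag)).decryptor()
    held = bytearray()
    for chunk in chunks:
        held += dec.update(chunk)  # unauthenticated so far, keep it private
    try:
        dec.finalize()  # tag comparison happens here
    except InvalidTag:
        held[:] = bytes(len(held))  # wipe the unauthenticated plaintext
        return None
    return bytes(held)


if __name__ == "__main__":
    msg = b"sixteen byte blk" * 3
    chunks, tag = send_chunks(msg)
    print(receive(chunks, tag) == msg)
```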