List: openssl-users
Subject: Re: Decryption succeed in GCM mode when tag is truncated
From: Jakob Bohm <jb-openssl () wisemo ! com>
Date: 2014-06-19 16:57:27
Message-ID: 53A31677.5010008 () wisemo ! com
On 6/19/2014 11:19 AM, Jeffrey Walton wrote:
> ...
> CCM is probably the oldest of the three, it's more complicated, and it's
> offline (you have to have all data beforehand - you cannot stream data
> into it).
>
> Personally, I don't care about GCM's parallelizability because I
> require all data to be authenticated before being operated upon.
>
Note that the parallelizability applies to the sender too.
So with parallel GCM, the sender can start sending before it knows and
encrypts the last part of the plaintext, while a secure receiver still
needs to wait for the end before accepting the data. So the total
delay is
    max(encrypt_time, transmit_time) + decrypt_time
while a non-parallelizable mode would have
    encrypt_time + transmit_time + decrypt_time
Of course there are other drawbacks to the various modes that
need to be considered before choosing one.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
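
The pipeline described in the message above, as an added example that is not part of the original post or of OpenSSL: the sender emits each GCM ciphertext chunk as soon as it is encrypted, while the receiver holds all plaintext until the full 16-byte tag verifies. It assumes the Python `cryptography` package; `send_stream`, `receive_stream` and the frame layout are hypothetical names chosen for illustration.

```python
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

TAG_LEN = 16  # full-length GCM tag; shorter tags are rejected outright


def send_stream(key, iv, chunks):
    """Sender side: yield each ciphertext chunk immediately, tag last.

    Because this is a generator, a chunk can go on the wire before the
    later plaintext chunks are even known to the sender.
    """
    enc = Cipher(algorithms.AES(key), modes.GCM(iv)).encryptor()
    for chunk in chunks:
        yield ("data", enc.update(chunk))
    enc.finalize()
    yield ("tag", enc.tag)


def receive_stream(key, iv, frames):
    """Receiver side: decrypt on arrival, release nothing before the tag checks.

    Raises InvalidTag if the tag is missing, truncated, or does not match.
    """
    dec = Cipher(algorithms.AES(key), modes.GCM(iv)).decryptor()
    held = bytearray()   # unauthenticated plaintext, never handed to the caller
    tag = None
    for kind, body in frames:
        if kind == "data":
            held += dec.update(body)
        elif kind == "tag":
            tag = body
    if tag is None or len(tag) != TAG_LEN:
        raise InvalidTag("missing or truncated GCM tag")
    dec.finalize_with_tag(tag)   # raises InvalidTag on any modification
    return bytes(held)


if __name__ == "__main__":
    key, iv = bytes(range(32)), bytes(12)   # constructed demo values; never reuse an IV
    frames = list(send_stream(key, iv, [b"first part, ", b"last part"]))
    print(receive_stream(key, iv, frames))
```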