Fwd: Re: Determine interest: AES with IGE mode?

Ben Wiederhake ben.wiederhake at gmail.com
Fri Oct 2 15:18:06 CEST 2015

Whoops, forgot to CC the mailing list.

-------- Forwarded Message --------
Subject: Re: Determine interest: AES with IGE mode?
Date: Fri, 02 Oct 2015 15:16:48 +0200
From: Ben Wiederhake <Ben.Wiederhake at gmail.com>
To: Werner Koch <wk at gnupg.org>


>> If there are any concrete concerns about security, it may be worth
>> putting it into libgcrypt as deprecated. Then:
>> - People who desperately need AES_IGE (like us) have access to it.
>> - People who don't really require it can see that it is deprecated.
> Interesting NEWS line then
>   * Support for the new but deprecated IGE mode.

I know, sorry, but there definitely are people who are going to need it.

> Given that our cipher mode implementation is pretty modular I am not
> against adding it as long as there is only a generic mode and no bulk
> mode optimization.

I absolutely agree.

In some not-really-representative tests ("encode a 2 GiB file on a quiet
system"), the encryption process was only limited by my hard drive,
potentially exceeding 60 MiB/s.

While that's slow in comparison to highly optimised AES implementations,
it's still pretty good, given that it's not even using the optimized
buf_xor function (or whatever it was called). So there is (hopefully) no
need for such a highly optimized version.

With regards
Ben Wiederhake
