Directions for crypto make_checksum/verify_checksum
Tom Yu
tlyu at MIT.EDU
Mon Dec 7 15:12:07 EST 2009
ghudson at MIT.EDU writes:
> Note that cbc_checksum would have to allocate a temporary buffer to
> store the encrypted output in order to compute the resulting ivec,
> which is less efficient than the current mechanism of computing descbc
> checksums. I think that's a small price to pay for a smaller module
> SPI footprint, since I don't think the descbc checksum type gets any
> significant use.
How about making the enc provider for DES-CBC operate efficiently with
a missing output buffer? That way you could use it for CBC-MAC by
omitting an output buffer but providing an output ivec. I'd have to
take a closer look to see if that sort of approach would also make
implementing CCM easier.
More information about the krbdev
mailing list