[3375] in cryptography@c2.net mail archive
Re: key setup isn't important
daemon@ATHENA.MIT.EDU (John Kelsey)
Fri Sep 25 13:50:45 1998
From: "John Kelsey" <kelsey@plnet.net>
To: <perry@piermont.com>, <cryptography@c2.net>
Date: Thu, 24 Sep 1998 20:04:37 -0500
> From: Perry E. Metzger <perry@piermont.com>
> Subject: key setup isn't important
> Date: Thursday, September 24, 1998 1:16 PM
> Key setup times are not that important in a key agile system like
> ipsec.
> Most crypto libraries let you save your set up key in a data
structure
> and pass that data structure to the encrypt/decrypt functions. Once
> you've set up the keys once, even if you have to change which
pre-set
> up key you are using at each and every encryption call, it is just
a
> question of selecting the correct "key context" to pass to the
calls.
Does it matter how large the key context is? Contrast something like
3DES
or RC6 (with reasonably small key contexts) with something like
Blowfish
or SEAL (with enormous key contexts). I have seen systems for which
huge
key contexts were a big pain to handle. This may or may not be
representative
of IPSec applications in general.
> In summary, key setup time isn't that important for IPSec.
>
> Perry
--John Kelsey, kelsey@counterpane.com / kelsey@plnet.net
NEW PGP print = 5D91 6F57 2646 83F9 6D7F 9C87 886D 88AF
