On Thu, Jun 19, 2014 at 4:48 AM, Michel <msa...@paybox.com> wrote: > Ok, I have missed that point (and probably many others...) > I need to go deeper to better understand things, > and I am grateful for your explanations. If AEAD schemes are your thing, then you might take a look at David Wagner's http://www.cs.berkeley.edu/~daw/talks/FSE04eax.ppt. Slide 7 has a nice comparison of CCM, CWC, EAX and GCM modes of operation.
The three biggest seem to be (1) patent avoidance, (2) online vs offline, and (3) parallelizable. CWC is a single pass scheme but its patented (the CWC designers hold the patent for the single pass). I believe the remainder of the schemes are double pass to avoid the single pass patent. CCM is probably the oldest of the three, its more complicated, and its offline (you have to have all data beforehand - you cannot stream data into it). Personally, I don't care about GCM's parallelizability because I require all data to be authenticated before being operated upon. Jeff ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
