Re: AES will be announced monday.

On Fri, Sep 29, 2000 at 06:14:43PM -0400, Bill Rugolsky Jr. wrote:
> On Fri, Sep 29, 2000 at 09:52:01PM +0000, Marc Mutz wrote:
> > Anyone want to bet? I'd say one of Twofish, Serpent, Rijndael. To be
> > precise, I'd say Serpent. Because it is fastest in HW and the most
> > secure. Software performance was never really high on NIST's list (see
> > DES). Twofish, while equally secure as Serpent, is very complicated and
> > Rijndael can only be elected if the number of rounds is increased, which
> > implies a relative performance loss w.r.t. the other two.
> 
> While specialized hardware may be important, CPU/memory speeds may
> favor software implementations that allow one to flexibly and simultaneously
> do compression, encryption, checksumming, etc. with minimal data touching.
> 

Agreed.  And on current CPUs that means ciphers that can be
efficiently implemented with MMX and SSE instructions, so you can use
the normal registers for compression etc.  This again favours ciphers
that don't do _random_ table lookups as they are slow when you do
vector processing.  Also it favours ciphers that don't do 32-bit
multiplication as this isn't available (yet).  The two ciphers I know
that are ideal for this kind of stuff are Serpent and IDEA.

astor

-- 
Alexander Kjeldaas                Mail:  astor@xxxxxxx
finger astor@xxxxxxxxxxxxxxxxx for OpenPGP key.

Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
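
The point in the reply above about random table lookups versus vector processing, as an added example that is not part of the original message: the same 4-bit S-box computed once by table lookup and once "bitsliced", using only AND/XOR on whole words so that 32 blocks are processed in parallel with no data-dependent memory access. The table is the one commonly listed as Serpent S0; the function names are this example's own, and the generic ANF derivation is an assumption made for clarity, not an optimized Serpent implementation.

```c
#include <stdint.h>
#include <stdio.h>

/* 4-bit S-box as a lookup table (commonly listed as Serpent S0). */
static const uint8_t S0[16] = {3, 8, 15, 1, 10, 6, 5, 11, 14, 13, 4, 2, 7, 0, 9, 12};

/* Table form: one data-dependent memory access per nibble. */
static uint8_t sbox_lookup(uint8_t x) { return S0[x & 15]; }

/* Algebraic normal form of one output bit via the Moebius transform:
 * anf[m] == 1 means the AND of the input bits selected by mask m is XORed in. */
static void anf_of(int bit, uint8_t anf[16]) {
    for (int i = 0; i < 16; i++) anf[i] = (S0[i] >> bit) & 1;
    for (int step = 1; step < 16; step <<= 1)
        for (int i = 0; i < 16; i++)
            if (i & step) anf[i] ^= anf[i ^ step];
}

/* Bitsliced form: in[k] carries bit k of 32 independent nibbles, one per lane.
 * Control flow depends only on the constant table, never on the data. */
static void sbox_bitsliced(const uint32_t in[4], uint32_t out[4]) {
    for (int bit = 0; bit < 4; bit++) {
        uint8_t anf[16];
        uint32_t acc = 0;
        anf_of(bit, anf);
        for (int m = 0; m < 16; m++) {
            uint32_t term = 0xFFFFFFFFu;          /* empty product = constant 1 */
            if (!anf[m]) continue;
            for (int k = 0; k < 4; k++)
                if (m & (1 << k)) term &= in[k];
            acc ^= term;
        }
        out[bit] = acc;
    }
}

/* Runs both forms on 32 constructed nibbles; returns the number of lanes that differ. */
static int compare_forms(void) {
    uint32_t in[4] = {0, 0, 0, 0}, out[4];
    uint8_t nib[32];
    int bad = 0;
    for (int lane = 0; lane < 32; lane++) {
        nib[lane] = (uint8_t)((lane * 7 + 3) & 15);   /* constructed sample input */
        for (int k = 0; k < 4; k++) in[k] |= (uint32_t)((nib[lane] >> k) & 1) << lane;
    }
    sbox_bitsliced(in, out);
    for (int lane = 0; lane < 32; lane++) {
        uint8_t y = 0;
        for (int k = 0; k < 4; k++) y |= (uint8_t)(((out[k] >> lane) & 1) << k);
        bad += (y != sbox_lookup(nib[lane]));
    }
    return bad;
}
int main(void) { printf("mismatching lanes: %d\n", compare_forms()); return 0; }
```

With wider registers the same word-level operations cover more lanes per instruction, while the table form still needs one indexed load per nibble.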