Re: Support for ECB from Wan-Teh Chang on 2012-09-05 (public-webcrypto@w3.org from September 2012)

From: Wan-Teh Chang <wtc@google.com>
Date: Wed, 5 Sep 2012 15:03:04 -0700
To: public-webcrypto@w3.org
Message-ID: <CALTJjxFHWR8FwMGQBTikBZUrz1gkputpfE3XjYtC5NPr1fWQKw@mail.gmail.com>

Ryan already summarized my reactions to this proposal in his email,
but it seems useful for me to state them for official record.

1. The design of the Web Crypto API shows a desire to promote good
crypto practices. Exposing the ECB mode runs counter to this design
philosophy.

2. One reason we're considering providing the ECB mode is the
difficulty of specifying the CTR mode parameters that support every
counter incrementing function. I think the CTR mode parameters
specified in the draft are sufficient in practice. Does anyone know of
a protocol that puts the block counter in the high-order bits? Using
LFSR to increment the block counter is attractive to hardware
implementations, but seems awkward for software.

In summary, I would not object to exposing the ECB mode, but I don't
see a strong need for it. In particular, exposing the ECB mode should
not be our way to avoid specifying the CTR mode.

Wan-Teh

Received on Wednesday, 5 September 2012 22:03:31 UTC