Subject: Re: crypto(4) and IVs
To: None <tls@rek.tjls.com>
From: Nathan J. Williams <nathanw@wasabisystems.com>
List: tech-crypto
Date: 05/29/2005 15:22:40
Thor Lancelot Simon <tls@rek.tjls.com> writes:

> > It appears to assume that any cryptosystem with an IV is doing
> > CBC-style feedback.  This will break when someone gets around to adding
> > the counter modes (see draft-ietf-secsh-newmodes-03.txt), unless their
> > state is represented somewhere other than the IV storage....
> 
> I don't have access to any hardware that does any counter mode (I'm not
> even sure if there is any, yet).  If you do, I agree that you're probably
> going to have to do some interface and client code bashing to make it
> work right.

Such hardware does exist; for example, the built-in "SEC 2.0" security
engine on the Freescale MPC8555E/MPC8541 SoC devices. See

http://www.freescale.com/webapp/sps/site/prod_summary.jsp?code=MPC8555E

Both the reference manual and application note 2755 go into detail on
the capabilities of the security engine, which includes AES counter
mode, HMACs, lots of elliptic curve stuff I don't understand...

        - Nathan
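The point of the quoted exchange, that a driver which treats every IV as CBC-style feedback breaks for counter mode, is easy to see by encrypting one message in two requests and trying to resume from the state a CBC-minded driver would carry. The following Go program is an added illustration written for this archive page; it is not code from this thread, from crypto(4), or from the Freescale SEC engine. The key, IV, and plaintext are constructed demonstration values, and the counter convention (the whole 16-byte block as a big-endian integer) is the one used by Go's crypto/cipher, which need not match any particular hardware engine.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Constructed 16-byte key and IV for the demonstration only (not real secrets).
var demoKey = []byte("0123456789abcdef")
var demoIV = []byte("fedcba9876543210")

// Constructed 64-byte plaintext: exactly four AES blocks.
var demoPlain = []byte("block-one-data!!block-two-data!!block-3-data!!!!block-four-data!")

// cbcEncrypt encrypts whole blocks with CBC and returns the ciphertext plus the
// state needed to continue the stream: the last ciphertext block (the next IV).
func cbcEncrypt(key, iv, pt []byte) (ct, nextState []byte) {
	block, _ := aes.NewCipher(key)
	ct = make([]byte, len(pt))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, pt)
	return ct, ct[len(ct)-aes.BlockSize:]
}

// ctrEncrypt encrypts with CTR and returns the ciphertext plus the state needed
// to continue: the counter block advanced by the number of blocks consumed.
// The ciphertext itself plays no part in the continuation state.
func ctrEncrypt(key, ctr, pt []byte) (ct, nextState []byte) {
	block, _ := aes.NewCipher(key)
	ct = make([]byte, len(pt))
	cipher.NewCTR(block, ctr).XORKeyStream(ct, pt)
	return ct, addCounter(ctr, uint64(len(pt)/aes.BlockSize))
}

// addCounter treats the counter block as a 128-bit big-endian integer and adds n,
// matching how Go's crypto/cipher CTR mode steps its counter.
func addCounter(ctr []byte, n uint64) []byte {
	out := append([]byte(nil), ctr...)
	hi := binary.BigEndian.Uint64(out[:8])
	lo := binary.BigEndian.Uint64(out[8:])
	sum := lo + n
	if sum < lo {
		hi++ // carry into the high 64 bits
	}
	binary.BigEndian.PutUint64(out[:8], hi)
	binary.BigEndian.PutUint64(out[8:], sum)
	return out
}

// splitMatchesWhole encrypts demoPlain once, then again as two 32-byte requests
// resumed from either the mode's own continuation state or (if
// resumeWithLastCipherBlock is set) the CBC-style "last ciphertext block" that
// a generic IV-feedback driver would store. It reports whether the two agree.
func splitMatchesWhole(enc func(key, iv, pt []byte) ([]byte, []byte), resumeWithLastCipherBlock bool) bool {
	whole, _ := enc(demoKey, demoIV, demoPlain)
	first, state := enc(demoKey, demoIV, demoPlain[:32])
	if resumeWithLastCipherBlock {
		state = first[len(first)-aes.BlockSize:]
	}
	second, _ := enc(demoKey, state, demoPlain[32:])
	return bytes.Equal(whole, append(first, second...))
}

// CbcResumesFromLastCipherBlock: CBC feedback really is the last ciphertext block.
func CbcResumesFromLastCipherBlock() bool { return splitMatchesWhole(cbcEncrypt, true) }

// CtrResumesFromLastCipherBlock: applying the CBC convention to CTR corrupts the stream.
func CtrResumesFromLastCipherBlock() bool { return splitMatchesWhole(ctrEncrypt, true) }

// CtrResumesFromCounter: CTR continues correctly only from the advanced counter.
func CtrResumesFromCounter() bool { return splitMatchesWhole(ctrEncrypt, false) }

func main() {
	fmt.Println("CBC, resume from last ciphertext block:", CbcResumesFromLastCipherBlock())
	fmt.Println("CTR, resume from last ciphertext block:", CtrResumesFromLastCipherBlock())
	fmt.Println("CTR, resume from advanced counter:     ", CtrResumesFromCounter())
}
```

The CBC case succeeds because the chaining value that the next request needs is exactly the last ciphertext block, which is why storing it in the IV slot works. The CTR case fails when the same slot is reused: the keystream for the second request is then generated from an unrelated counter value, so the second half of the ciphertext is silently wrong, and the receiver cannot decrypt it. A driver or hardware interface that supports counter mode therefore has to carry the advanced counter block (in whatever counter convention the engine or protocol defines) as its per-session state, separately from the CBC IV path.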