Torsten Lodderstedt wrote:
...
I don't consider RSA a good option for signing requests from consumer
to resources because of its performance
characteristics. Symmetric algorithms like HMAC are by magnitudes
faster. I did some benchmarking in
a project in 2006. The measurements have been taken on a Windows PC
(Intel Pentium M 1,7 GHz/1GB)
with Java 1.5.
HMAC-MD5: 33000/s (sign and verify)
RSA/512: 434/s (sign), 3300/s (verify)
RSA/1024: 70/s (sign), 1250/s (verify)
As you can see, there is a factor of 10 (verify) to 300 (sign) between
RSA and HMAC-MD5. Today one would use
HMAC-SHA and probably RSA/2048 so I don't expect the proportions to be
better for RSA.
As I mentioned sometime before, I believe that we should refer to
private-key signing rather than RSA, which is just one algorithm that
performs public/private key encryption. (For instance, ECC is another
algorithm, and it is much faster.)
One advantage of using private-key (over symmetric key) signatures is
that they automatically provide non-repudiation, and I would just like
to keep this in perspective.
And, with many thanks to Torsten for providing the measurements--always
a good thing!--I am puzzled by an apparent reversal in the duration of
signing and verification times. Typically, for the encryption, the RSA
keys are chosen to be small so that public key operations are fast; that
results in the private key operations being slow. It appears to me that
the same choice makes sense for signatures. One party spends time ONCE
signing something, and then verification, performed by others, is fast.
And so my question here is: What was the reason for choosing a short
private key here?
With thanks,
Igor
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
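The comparison Torsten measured and the asymmetry Igor asks about, as an added example that is not part of either message: a small Python benchmark putting HMAC-SHA256 from the standard library next to textbook RSA built on Python big integers (hash-then-modexp, no PKCS#1 padding and no CRT, so it is a timing illustration rather than a signature scheme to deploy). The key sizes, the shared secret and the message are all generated or constructed locally. Running it shows where the sign/verify reversal comes from: verification raises the signature to the small public exponent e (65537 here, the conventional choice), while signing raises the hash to the full-length private exponent d, so verification is cheap for the same reason RSA public-key encryption is cheap. The HMAC path is faster still, but it needs a shared secret, which is exactly the non-repudiation trade-off raised in the thread.

```python
"""Added example: HMAC-SHA256 vs. textbook RSA sign/verify throughput.

Textbook RSA over Python integers (no PKCS#1 padding, no CRT) for timing
illustration only. All keys, secrets and messages are generated or
constructed locally in this script.
"""
import hashlib
import hmac
import math
import secrets
import time
from typing import Callable, Dict, Tuple


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test with random bases."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    # Write n - 1 = 2^s * d with d odd.
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)  # base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # composite witness found
    return True


def random_prime(bits: int) -> int:
    """Random probable prime with the top bit set (exactly `bits` long)."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def generate_rsa_keypair(bits: int = 1024, e: int = 65537) -> Tuple[int, int, int]:
    """Return (n, e, d): modulus, small public exponent, full-length private exponent."""
    while True:
        p = random_prime(bits // 2)
        q = random_prime(bits // 2)
        if p == q:
            continue
        phi = (p - 1) * (q - 1)
        if math.gcd(e, phi) != 1:
            continue
        return p * q, e, pow(e, -1, phi)  # d = e^-1 mod phi (Python 3.8+)


def rsa_sign(message: bytes, n: int, d: int) -> int:
    """Textbook signature: SHA-256 digest raised to the private exponent."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(h, d, n)  # ~bits modular squarings: the slow direction


def rsa_verify(message: bytes, signature: int, n: int, e: int) -> bool:
    """Recover the digest with the public exponent and compare."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == h  # ~17 modular squarings for e = 65537


def hmac_sign(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def hmac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    # Constant-time comparison so the check itself does not leak the tag.
    return hmac.compare_digest(tag, hmac_sign(key, message))


def ops_per_second(fn: Callable[[], object], seconds: float = 0.2) -> float:
    """Run fn repeatedly for roughly `seconds` and return the observed rate."""
    count, start = 0, time.perf_counter()
    deadline = start + seconds
    while time.perf_counter() < deadline:
        fn()
        count += 1
    return count / (time.perf_counter() - start)


def benchmark(bits: int = 1024) -> Dict[str, float]:
    """Throughput of HMAC-SHA256 and RSA sign/verify on one constructed message."""
    message = b"GET /resource?token=constructed-example"  # constructed sample
    key = secrets.token_bytes(32)                         # constructed shared secret
    n, e, d = generate_rsa_keypair(bits)
    sig = rsa_sign(message, n, d)
    return {
        "hmac_sha256": ops_per_second(lambda: hmac_sign(key, message)),
        "rsa_sign": ops_per_second(lambda: rsa_sign(message, n, d)),
        "rsa_verify": ops_per_second(lambda: rsa_verify(message, sig, n, e)),
    }


def main() -> None:
    results = benchmark(bits=1024)
    for name, rate in results.items():
        print(f"{name:>12}: {rate:10.0f} ops/s")
    print(f"verify/sign ratio: {results['rsa_verify'] / results['rsa_sign']:.0f}x")


if __name__ == "__main__":
    main()
```

Absolute numbers depend on the machine and on pure-Python big-integer arithmetic, so they will not match Torsten's 2006 Java figures; the shape does: verification runs tens of times faster than signing because of the small public exponent, and the HMAC tag is faster than both. A production implementation adds PKCS#1 v1.5 or PSS padding and uses the CRT for the private operation, which speeds signing up by roughly a factor of four but still leaves it well behind verification.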