Re: Reverse of @STRENGTH?

Mon, 25 Aug 2003 04:19:16 +0000 


> I have never expected a request like this... thus I have not implemented
> @WEAKEST :-)

No sane person would have...

> Nevertheless, I would recommend you to reconsider your goal. The "strength"
> given by the number of "secret" bits is not proportional to the speed.

That's a damned fine point.

> RC4 by design is a 128bit alogrithm. When using 40bit RC4, the 128bit
> algorithm is used but 88bit are fixed and known. AES was designed with
> software implementations in mind while DES is known to favor hardware
> implementations. It may therefore well be possible that AES128 might
> even be faster than DES168, depending on the implementation and machine.
> 
> HP-UX 10.20, HP's ANSI C compiler with +O4:
> The 'numbers' are in 1000s of bytes per second processed.
> type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
> des cbc           3606.59k     3815.63k     3879.86k     3892.93k     3891.20k
> des ede3          1480.06k     1537.94k     1558.34k     1556.96k     1558.68k
> aes-128 cbc       6142.92k     6611.84k     6724.15k     6782.11k     6773.52k
> aes-192 cbc       5749.39k     6117.82k     6215.65k     6282.48k     6241.26k
> aes-256 cbc       5340.24k     5687.77k     5792.13k     5793.85k     5830.78k
> 
> As you can easily see, AES on HP-UX is much faster than DES. Even AES256 beats
> the hell out of DES (56bit)... :-)
> On other platforms the results may differ.
> 
> Thus, if you have control over both sides of the channel, you might consider
> to optimize your cipher suite against the result of "openssl speed". If you
> don't know your peer's platform, well, ...

Specifically what I'm doing is implementing SSL into Nmap for
service detection.  It's going to create 1-15 SSL connections,
and anywhere between 0 and ~200 bytes will be sent across the
wire and the connection is torn down.  Speed is absolutely
the most important thing.  I'm not sure that I'll be able
to easily build in session-id caching with how the code exists
right now.  We're not going to check certificates in any way.
If a MITM want's to play game, that's a shame but we don't care.
Security of the connection is, quite simply, 100% irrelevant.

I guess I was thinking @SPEED.  Since the order will differ based
on hardware, accelerators, etc, this is probably impossible to define.
I'll try to use 'openssl speed' to guestimate a proper order.  Once
I get the rest of it working...






--
Brian Hatch                  "So Zathras talks to dirt.
   Systems and                Sometimes talks to walls,
   Security Engineer          or talks to ceilings.
http://www.ifokr.org/bri/     But dirt is closer."

Every message PGP signed

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to