>> So I need a high performance solution that can handle many connections
>> with little server load.
>>
>> 1. SSL is a good solution but is not high performance - it's more
>> suitable for encryption of a web page. When establishing connection more
>> than 100 connections are used to perform the SSL handshake and is not
>> suitable for big binary data.
>
>I don't know where you're getting that from, but it's totally incorrect.
>The SSL handshake, if repeated between the same two endpoints multiple
>times, is quite high performance because the sessions can be cached. As
>for big binary data, why do you think SSL is unsuitable?
My mistake, sorry.

>
>> 2. Symmetric encryption is more suitable because it is high performance
>> and will scale very well.
>
>SSL is symmetric encryption. PK is used for session setup and key
>negotiation, but the encryption of bulk data is symmetric.
>
>> I need a high performance optimized solution.
>>
>> What is your opinion?
>> What will be the best approach?
>
>SSL. It's already well-maintained and heavily optimized. It can easily
>be proxied without understanding the underlying application protocol.
>Padding, message integrity, session caching, authentication and the like
>are already done.
>
>As a plus, SSL permits easily adjusting the encryption and
>authentication schemes to provide the desired balance between
>performance and security. And SSL accelerators are widely available --
>for example, newer Intel processors have AES acceleration, so if you use
>SSL, those who have them can choose AES as the bulk encryption protocol.
>Had you decided on blowfish and locked it in the way you seem to be
>planning, it would take significant changes to get the benefit of AES-NI.
>
>Also, you will have a much harder time getting your project accepted if
>you just made up the security scheme yourself. The effort required to
>ensure the scheme was properly designed and implemented (especially
>given all the false starts and misunderstandings so far) would almost
>certainly drastically outweigh any hypothetical performance benefit you
>might get.
>
>DS
>

Ok, I agree. It's better to use SSL.
Do you know where I can find multithreaded and optimized source code of SSL server and client?
I found many examples with SSL servers but they are simple examples.
And also have you seen benchmarks of the latest OpenSSL version?

Regards
Peter