
Re: What price security?



Perry E. Metzger says:
> I used to think that 3DES and other algorithms like it were "too
> expensive".
> Extensive day to day use of SSH taught me otherwise. I 3DES encrypt
> ALL my network traffic these days -- backups, remote logins, the works
> -- and I never notice the speed loss.

Depends on what you're doing, of course. Five years ago I used 3DES
for telnet, and - surprise - never noticed the speed loss. Now try
real-time video-conferencing and tell me if you notice any 
performance degradation.

> Actually working with implementations often teaches one things one
> wouldn't have suspected from a theoretical viewpoint. My guess is that
> 3DES is only too expensive if you are trying to push a lot of data
> through an old embedded microprocessor based system where you just
> don't have the juice to do the work.

I think your guess is only partially correct. It depends mostly on
how much data you're pushing through.

> On anything remotely modern, or
> anything where you aren't pumping lots of data (and hypothetical SNMP
> enabled lightbulbs aren't going to be pushing lots of data), you will
> not notice the overhead.

No, SNMP shouldn't move lots of data (unless the design is screwed up :-).
But today there are other protocols that do load the network (:-).

To summarize: there are applications today where 3DES delays things
visibly, and from a cryptography point of view there is no need to pay
that price. On the other hand, plenty of applications today can live
with 3DES on today's or yesterday's hardware...
-- 
Regards,
Uri		uri@watson.ibm.com
-=-=-=-=-=-=-
<Disclaimer>

