Re: What price security?

["Perry E. Metzger" <perry@piermont.com>]

Uri Blumenthal writes:
> Depends on what you're doing, of course. Five years ago I used 3DES
> for telnet, and - surprise - never noticed the speed loss. Now try
> real-time video-conferencing and tell me if you notice any 
> performance degradation.

I have, actually. Surprisingly, you can get away with it a lot of the
time today -- and doubtless all of the time Real Soon Now.

Remember, 3DES implementations can churn out far higher than ethernet
bandwidth data rates on modern processors. In a year or two this will
be even less of an issue.

If Phil Karn is reading, he might be able to speak a bit to the sorts
of data rates he gets with his tuned 3DES code on 200Mhz+ Pentium IIs.

> > On anything remotely modern, or
> > anything where you aren't pumping lots of data (and hypothetical SNMP
> > enabled lightbulbs aren't going to be pushing lots of data), you will
> > not notice the overhead.
> 
> No, SNMP shouldn't move lots of data (unless the design is screwed up :-).
> But today there are other protocols that do load the network (:-).
> 
> To summarize: there are applications today, where 3DES delays things
> visibly, and from cryptography point of view there is no need to pay
> that price.

Even the dinkiest things can do pretty high speed with RC4, of
course...

Perry

PS I think we mostly agree here, btw.

---

Follow-Ups:

• Re: What price security?
• From: George Michaelson <ggm@connect.com.au>

References:

• Re: What price security?
• From: Uri Blumenthal <uri@watson.ibm.com>

---

• Prev by Date: Re: What price security?
• Next by Date: isakmp/doi questions: fine-grained keying..
• Next by thread: Re: New draft -- IPSEC AH
• Index(es):
  • Main
  • Thread