[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: What price security?

To: perry@piermont.com
Subject: Re: What price security?
From: Phil Karn <karn@Qualcomm.com>
Date: Thu, 19 Jun 1997 16:49:10 -0700 (PDT)
CC: uri@watson.ibm.com, trei@process.com, ipsec@tis.com
In-reply-to: <199706191950.PAA09886@jekyll.piermont.com> (perry@piermont.com)
Sender: owner-ipsec@ex.tis.com

>Extensive day to day use of SSH taught me otherwise. I 3DES encrypt
>ALL my network traffic these days -- backups, remote logins, the works
>-- and I never notice the speed loss.

I do the same, and I agree. The only time I even notice the encryption
load enough to be tempted to turn it off is when I'm shipping a very
large amount of data (like an entire filesystem) between two machines
on my private home Ethernet where I'm fairly confident there are no
eavesdroppers.

By the way, the DES implementation in the freeware version of SSH
could be improved.  There's a fairly obvious optimization that could
be had in the 3DES encrypt/decrypt functions, namely eliminating the
final permutations of encryptions 1&2 and eliminating the initial
permutations of encryptions 2&3 as these pairs of permutations cancel.

Also, I have a DES and 3DES in hand-optimized assembler for the Intel
x86 CPUs that I'm thinking of dropping into SSH as a patch kit.  My
code does 3DES at 6.22 megabits/sec on a 133MHz Pentium. That's over
twice the speed of the 3DES C code in SSH, which I measure at about
2.6 megabits/sec on the P133.

Phil

Follow-Ups:

Re: What price security?

From: Bart Preneel <Bart.Preneel@esat.kuleuven.ac.be>

Re: What price security?

From: andrade@netcom.com (Andrade Software Andrade Networking)

References:

What price security?

From: "Perry E. Metzger" <perry@piermont.com>

Prev by Date: isakmp/doi questions: fine-grained keying..
Next by Date: Re: What price security?
Next by thread: Re: New draft -- IPSEC AH
Index(es):
- Main
- Thread