Re: What price security?

David P. Kemp writes:
> > From: "Perry E. Metzger" <perry@piermont.com>
> >
> > I used to think that 3DES and other algorithms like it were "too
> > expensive".
> > 
> > Extensive day to day use of SSH taught me otherwise. I 3DES encrypt
> > ALL my network traffic these days -- backups, remote logins, the works
> > -- and I never notice the speed loss.
> Nonetheless, there are applications (such as gigabit routers) where the
> processor-to-bandwidth ratio is smaller than Pentium-over-modem.

No doubt.

Of course, one of the advantages of the Internet architecture is that
routers generally aren't communications endpoints (they are, but only
for a tiny amount of management traffic) so they generally aren't
going to be doing much encryption. It is only endpoint hosts with
gigabit speed networks that need to worry, and those are (currently)
rare, and probably by the time they are common, processors will be
substantially faster.

For the edge case of Virtual Network equipment that has to go at high
speeds, well, gigabit speed 3DES chips are available, and cheap
compared to the rest of the router.


