[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: What price security?

> FYI: 
> The 3DES code of my colleague Antoon Bosselaers runs 
> at 9.2 Mbit/s on a 133MHz Pentium.  


To make this more relevant to ipsec, how, umm, "agile" is this 3DES?

I think there are three relevant measurements:

	- How much memory is required by the key schedules
	- How long does it take to set them up
	- How well does it perform on short blocks (64 bytes to ~4k bytes),
	if you have to change to a new key schedule after every block
	(assume you're rotating among 10 to 100 different keys).

Clearly one can (and perhaps should) cache precomputed key schedules
into your SA data structure(s), but whether to do it and how long to
retain it is clearly a memory vs time engineering tradeoff..
					- Bill

Follow-Ups: References: