Securing online communications
Ian Batten
ukcrypto at chiark.greenend.org.uk
Wed, 24 Dec 2008 08:03:53 +0000

On 23 Dec 2008, at 23:21, Chris Edwards wrote:

> WRT crypto CPU load, I guess this _might_ be an application for
> lower-strength (and thus faster) ciphers...

Of course, if you want to protect against Phorm, all you need is to
XOR with 0xff.

That trade-off isn't as clear as it used to be anyway. AES is fast,
and there are exotic optimised implementations for common processors
that are very fast. RC4 is very fast, and I don't believe that
(publicly, at least) there are worrying results against it. The
problem with anything that involves having a process per connection
containing crypto state is that you add an extra pair of context
switches (in and out of the crypto process) to every operation.
That's why you want it either in the userspace process, or in the
kernel.

ian