[cryptography] 100 Gbps line rate encryption

Thor Lancelot Simon tls at panix.com
Tue Jul 16 10:43:03 EDT 2013

On Tue, Jul 16, 2013 at 03:23:01AM -0400, William Allen Simpson wrote:
> On 6/22/13 8:24 PM, Greg Rose wrote:
> >
> >On Jun 22, 2013, at 15:31 , James A. Donald <jamesd at echeque.com> wrote:
> >
> >>On 2013-06-23 6:47 AM, Peter Maxwell wrote:
> >>>I think Bernstein's Salsa20 is faster and significantly more secure than RC4, whether you'll be able to design hardware to run at line-speed is somewhat more questionable though (would be interested to know if it's possible right enough).
> >>
> >>I would be surprised if it is faster.
> >
> >Be surprised, then... almost all of the recent word- or block- oriented stream ciphers are faster than RC4. And NOTHING should still be using RC4; by today's standards it is quite insecure.
> >
> So I spent some (much too much) time reading old PPP archives on our
> earlier discussions selecting an algorithm.  Sadly, 3DES was chosen,
> but rarely implemented.
> I cobbled together a draft based on old discussion for ARC4.  It
> surely needs more work.  Although (as you mention) that's old stuff,
> it has the advantage of having running code in most existing systems,
> and could be rolled out quickly on high speed connections.
> http://tools.ietf.org/html/draft-simpson-ppp-arc4-00

If you're really going to publish a new RFC -- even an Experimental
one -- using RC4, you should really use RC4-drop-N.  For even moderately
sized packets and reasonable values of N, if you effectively rekey every
packet, you will end up wasting 25-50% of the throughput of the system.

Conclusion: RC4 is particularly poorly suited for this application
in the modern day.


More information about the cryptography mailing list