[cryptography] 100 Gbps line rate encryption
Thor Lancelot Simon
tls at panix.com
Tue Jul 16 10:43:03 EDT 2013
On Tue, Jul 16, 2013 at 03:23:01AM -0400, William Allen Simpson wrote:
> On 6/22/13 8:24 PM, Greg Rose wrote:
> >On Jun 22, 2013, at 15:31 , James A. Donald <jamesd at echeque.com> wrote:
> >>On 2013-06-23 6:47 AM, Peter Maxwell wrote:
> >>>I think Bernstein's Salsa20 is faster and significantly more secure than RC4, whether you'll be able to design hardware to run at line-speed is somewhat more questionable though (would be interested to know if it's possible right enough).
> >>I would be surprised if it is faster.
> >Be surprised, then... almost all of the recent word- or block- oriented stream ciphers are faster than RC4. And NOTHING should still be using RC4; by today's standards it is quite insecure.
> So I spent some (much too much) time reading old PPP archives on our
> earlier discussions selecting an algorithm. Sadly, 3DES was chosen,
> but rarely implemented.
> I cobbled together a draft based on old discussion for ARC4. It
> surely needs more work. Although (as you mention) that's old stuff,
> it has the advantage of having running code in most existing systems,
> and could be rolled out quickly on high speed connections.
If you're really going to publish a new RFC -- even an Experimental
one -- using RC4, you should really use RC4-drop-N. For even moderately
sized packets and reasonable values of N, if you effectively rekey every
packet, you will end up wasting 25-50% of the throughput of the system.
Conclusion: RC4 is particularly poorly suited for this application
in the modern day.
More information about the cryptography