On Fri, Aug 13, 2010 at 02:55:32PM -0500, eric.lengve...@wellsfargo.com wrote:
>
> The big drawback is that those who want to follow NIST's
> recommendations to migrate to 2048-bit keys will be returning to
> the 2005-era overhead. Dan Kaminsky provided some benchmarks in a
> different thread on this list [1] that showed 2048-bit keys performing
> at 1/9th of 1024-bit. My own internal benchmarks have been closer to
> 1/7th to 1/8th. Either way, that's back in line with the above stated
> 90-95% overhead. Meaning, in Dan's words "2048 ain't happening."

Indeed. The way forward would seem to be ECC, but show me a load balancer or even a dedicated SSL offload device which supports ECC. I'm not even certain the popular clients, which are usually well ahead of everything else in terms of cryptography support, can cope with it.

The only place it seems to be consistently used is in proprietary client/server software for mobile devices, as has been the case for years.

Thor

---------------------------------------------------------------------
The Cryptography Mailing List