Re: Reverse of @STRENGTH?

Sun, 24 Aug 2003 21:09:26 +0000 

On Sun, Aug 24, 2003 at 11:09:09AM -0700, Brian Hatch wrote:
> Is there a way to sort on the reverse of @STRENGTH?  I'd like
> to support ALL:eNULL in preferential order of weekest to
> strongest, without explicitly listing them if I can.
> 
> Is there a converse of @STRENGTH?
> 
> Right now I have eNULL:EXPORT40:EXPORT56:LOW:MEDIUM:HIGH:ALL
> which is the best I can do, but it preferss 256 bit AES over
> 168 bit 3DES in the HIGH suit, for example.  I want the worst
> crypto (fastest speed, since security is not a design goal at
> all) possible.

I have never expected a request like this... thus I have not implemented
@WEAKEST :-)

Nevertheless, I would recommend you to reconsider your goal. The "strength"
given by the number of "secret" bits is not proportional to the speed.
RC4 by design is a 128bit alogrithm. When using 40bit RC4, the 128bit
algorithm is used but 88bit are fixed and known. AES was designed with
software implementations in mind while DES is known to favor hardware
implementations. It may therefore well be possible that AES128 might
even be faster than DES168, depending on the implementation and machine.

HP-UX 10.20, HP's ANSI C compiler with +O4:
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
des cbc           3606.59k     3815.63k     3879.86k     3892.93k     3891.20k
des ede3          1480.06k     1537.94k     1558.34k     1556.96k     1558.68k
aes-128 cbc       6142.92k     6611.84k     6724.15k     6782.11k     6773.52k
aes-192 cbc       5749.39k     6117.82k     6215.65k     6282.48k     6241.26k
aes-256 cbc       5340.24k     5687.77k     5792.13k     5793.85k     5830.78k

As you can easily see, AES on HP-UX is much faster than DES. Even AES256 beats
the hell out of DES (56bit)... :-)
On other platforms the results may differ.

Thus, if you have control over both sides of the channel, you might consider
to optimize your cipher suite against the result of "openssl speed". If you
don't know your peer's platform, well, ...

Best regards,
        Lutz
-- 
Lutz Jaenicke                             [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to