Hi, On 2015-07-27 20:58, Jonathan Schleifer wrote: > Am 27.07.2015 um 20:09 schrieb Mathias Ertl <[email protected]>: > >>> On 2015-07-21 00:19, Jonathan Schleifer wrote: So, 4096 bit RSA >>> just gives you an additional 16 bits for your AES, while doubling >>> the number of RSA bits more than doubles the computational >>> overhead… >> >> I consider this argument invalid. It's not because "just additional >> 16 bits" is wrong. Its because the "double the overhead" is >> completely irrelevant. Even we have only two CPUs and still very >> little CPU usage. So sure it's double. But double of next to >> nothing is still nothing. > > Sorry, but this is plain wrong! > > Doubling the number of bits DOES NOT double the computational work - > it's not growing linearly, but exponentially! For example, I have a > smart card that can do RSA-2048 in little above one second. RSA-4096 > on the other hand takes 8 seconds. (The device in question is the > FST-01 running Gnuk, in case you want to know to verify and not just > take my word on it.) > > But it gets worse: Your statement that double of next to nothing is > still nothing couldn't be more wrong. In fact, the SSL handshake is > the most expensive part of most of the XMPP connections!
Sorry, but you missed the point _entirely_. I didn't claim that the TLS handshake is the cheap part of an XMPP connection. I said that - based on quite a bit of experience - running an XMPP server requires very little CPU power, even with 4096 bit certificates. And with the same experience that switching from 2048 to 4096 bit certs didn't bring us *any* noticeable increase in CPU load. > So, please get your facts straight, as this all can easily be > researched using your favorite search engine. I think I have my facts quite queer, thank you. greetings, Mati -- twitter: @mathiasertl | xing: Mathias Ertl | email: [email protected] I only read plain-text mail! I prefer signed/encrypted mail!
smime.p7s
Description: S/MIME Cryptographic Signature
