-------------------------------------------------- From: "Andreas Raab" andreas.raab@gmx.de Sent: Thursday, September 02, 2010 6:10 PM To: "The general-purpose Squeak developers list" squeak-dev@lists.squeakfoundation.org Subject: [squeak-dev] Re: [Cryptography Team]Re:DigitalSignatureAlgorithm>>#initRandomNonInteractivelyisnot random
On 9/2/2010 2:22 PM, Rob Withers wrote:
whereas for example MD2, MD4 (outdated) and DiffieHellman (WAY too slow) are not.
Andreas, I use DiffieHellman for key exchange in my system. It is considered slow? It is a one time use in a connection...
If I remember correctly (it's been a few years since I did this) the problem was the DH had a significant server load for each connection (several seconds for each new connection) whereas RSA had a high inital cost but after that was basically instant. Of course all of this was pre-cog so very different performance tradeoffs but when I did the math, the bottom line was that a DH reconnect of ten people could never be completed in less than 30 seconds simply because each connection would require 3+ seconds server time and (at that point) all of the connections were serialized. It was just a no-go.
Very interesting. I have never measured it. I take my prime and generator from E. I just tried a 1024 bit DiffieHellman and it took 65 seconds! With E's numbers I get 315 ms pretty consistently. This seems to match a 192 bit DH pretty well. This is both send and receive messages so is the total time for one side. This is pre-cog.
RSA, on the other hand, is somewhere in the middle - it performs reasonably well (we use it for key exchange in our products) but one could easily argue that it's not a common enough feature to be required in Core. Not sure on ElGamal.
How do you use RSA for key exchange?
The server generates a new key pair on startup and when the client connects the server sends its public key to the client. The client uses the public key to encrypt the session key for the connection and sends it back. The server decrypts the session key, both ends install a streaming cipher based on the session key and we're done.
Ok, that makes sense. There is a qualitative security difference between DH and this approach. DH does not pass the key across the wire. It does modulo arithmetic to pass derivative numbers.
To speed things up, we could primitize hot spots:
17.1% {7ms} SHA1>>finalHash 14.6% {6ms} ThirtyTwoBitRegister>>load: 9.8% {4ms} LargePositiveInteger>>+
from SecureRandom
and in raisedTo: modulo:
65.5% {1045ms} Array(SequenceableCollection)>>second 32.5% {519ms} LargePositiveInteger>>>=
Not sure if that would improve with a plugin.
Of course, the same is true of RSA.
Cheers, Rob
Cheers,
- Andreas
But in any case, I think I'll leave this to the experts, which I think is you, Rob and Ron :-)
That's what I got, Rob
Cheers,
- Andreas
On Sat, Aug 28, 2010 at 6:30 AM, Rob Withersreefedjib@gmail.com wrote:
From: "Bert Freudenberg"bert@freudenbergs.de Sent: Saturday, August 28, 2010 7:13 AM To: "The general-purpose Squeak developers list" squeak-dev@lists.squeakfoundation.org Subject: Re: [Cryptography Team]Re:[squeak-dev]DigitalSignatureAlgorithm>>#initRandomNonInteractivelyisnot
random
On 28.08.2010, at 12:59, Rob Withers wrote:
> > > -------------------------------------------------- > From: "Bert Freudenberg"bert@freudenbergs.de > Sent: Saturday, August 28, 2010 6:42 AM > To: "The general-purpose Squeak developers list" > squeak-dev@lists.squeakfoundation.org > Cc: "Squeak Crypto"cryptography@lists.squeakfoundation.org > Subject: Re: [Cryptography Team] > Re:[squeak-dev]DigitalSignatureAlgorithm>>#initRandomNonInteractivelyis > not > random > >> It's best to first publish to the inbox. You do not need special >> permissions for that. Once we're happy with the packages we move >> them over >> to trunk. > > Done. The following packages are in the Inbox: > > CryptoCore > CryptoCoreTests > CryptoExtras > CryptoExtrasTests > CryptoCerts > CryptoCertsTests > > All tests pass, although I have not tried to load just CryptoCore > and > CryptoCoreTests and run its tests. > > Rob
Ah, should have commented on the package names - didn't think you're *that* fast ;)
I did the work last night.
The convention is to use hyphenation. As Andreas suggested, that would be "Crypto-Core", "Crypto-Core-Tests" etc.
The problem with that approach is the the Test package gets included with the core package. In the example of "Kernel" and "KernelTests" hyphenation is not used.
Rob